VVCWiki vvcwiki https://www.chepkov.com/wiki/Main_Page MediaWiki 1.39.5 first-letter Media Special Talk User User talk VVCWiki VVCWiki talk File File talk MediaWiki MediaWiki talk Template Template talk Help Help talk Category Category talk 8 2 3 2007-12-15T21:12:41Z Vvc 1 New page: * navigation ** mainpage|mainpage ** recentchanges-url|recentchanges wikitext text/x-wiki * navigation ** mainpage|mainpage ** recentchanges-url|recentchanges 95c376cdfe10841d9c9a80c792fff16e9605f6ed 0 8 17 2008-06-07T19:20:41Z Vvc 1 New page: To create a patch: diff -urN source.orig source.new > patch.txt wikitext text/x-wiki To create a patch: diff -urN source.orig source.new > patch.txt 6bd03c77cfcdf36ad839a8793ddf1def36aad6cf 0 7 19 18 2008-06-13T19:09:10Z Vvc 1 grammar wikitext text/x-wiki [[Oracle CentOS 5|Installing Oracle on CentOS 5]] dc62eab79f22d663e04c8fa6e0401f2514b67ac7 0 10 37 36 2008-06-28T17:24:11Z Vvc 1 wikitext text/x-wiki [[Managing Certificate Authority]] [[Creating server certificate]] 57877ff42da94716488c88209b90acb9f0e85824 14 16 62 2008-06-29T15:25:11Z Vvc 1 New page: OpenSSL related articles wikitext text/x-wiki OpenSSL related articles ce65fff3d09efdb9b4de5b8b978b35f232acb1e7 14 15 64 63 2008-06-29T15:26:00Z Vvc 1 wikitext text/x-wiki Oracle related articles 1fdee6bf879a278cc617ae68b791153bd69b766e 0 17 72 2008-07-07T18:51:43Z Vvc 1 [[Fedora]] moved to [[Linux]]: More then just fedora wikitext text/x-wiki #REDIRECT [[Linux]] d51bf9cff7954e6e54dbf1d79c250d00103fffdc 0 19 79 2008-07-10T14:52:25Z Vvc 1 Initial version wikitext text/x-wiki Even though it doesn't happen quite often, sometimes spamd dies and that will lead to spam getting through. To prevent this here is a simple watchdog that can monitor status of the spamd /usr/local/sbin/spamd.watch <source lang="perl"> #!/usr/bin/perl use strict; use IO::Socket; my $spamd_tcp_port = 783; my $timeout = 5 ; # seconds my $sock = IO::Socket::INET->new( PeerAddr => 'localhost', PeerPort => $spamd_tcp_port, Proto => "tcp", Timeout => $timeout); my $return; if ($sock && $sock->connected()) { eval { print $sock "PING SPAMC/1.0\n"; local $SIG{ALRM} = sub {die "Timeout"}; alarm $timeout; $return = <$sock>; alarm 0; }; if ( defined ($@) && $@ eq "Timeout" ) { exit 0; } if ($return !~ /SPAMD.+PONG/ ) { exit 0; } else { exit 1; } } exit 0; </source> Now add this script into your cron: <pre> */4 * * * * root /usr/local/sbin/spamd.watch && /sbin/service spamassassin condrestart </pre> 09ac4f79e10fd48133e34717499d472549de83d6 0 20 81 2008-07-11T15:26:40Z Vvc 1 Initial version wikitext text/x-wiki In order to limit su to root to members of group wheel only add the following line to '''/etc/pam.d/su''' <pre> auth required pam_wheel.so use_uid group=wheel root_only </pre> ef344cc87944617bba4f675e92f71cd6a1164681 0 21 84 83 2008-07-11T20:23:02Z Vvc 1 wikitext text/x-wiki If you created your DomU guest by exporting the whole disk and not partitions, here is how you access it's file system from Dom0: <pre> # fdisk -luC 1 /dev/vg0/xenmike Disk /dev/vg0/xenmike: 10.7 GB, 10737418240 bytes 255 heads, 63 sectors/track, 1305 cylinders, total 20971520 sectors Units = sectors of 1 * 512 = 512 bytes Device Boot Start End Blocks Id System /dev/vg0/xenmike1 * 63 208844 104391 83 Linux /dev/vg0/xenmike2 208845 19904534 9847845 83 Linux /dev/vg0/xenmike3 19904535 20948759 522112+ 82 Linux swap / Solaris </pre> We want to mount second partition. First calculate offset, we take start value for this partition and multiply it by sector size: '''512 * 208845 = 106928640''' Now we mount it: <pre> # mount -o loop,offset=106928640 /dev/vg0/xenmike -t ext3 /v # ls -l /v total 100 drwxr-xr-x 2 root root 4096 Jun 26 04:04 bin drwxr-xr-x 2 root root 4096 Jun 25 09:53 boot drwxr-xr-x 2 root root 4096 Jun 25 09:53 dev drwxr-xr-x 67 root root 4096 Jul 11 13:48 etc .... </pre> 75654ab2f93e5fd3c8f6d2067ab416a8fbbef6f2 8 14 87 86 2008-07-13T00:34:14Z Vvc 1 Undo css text/css body.page-Main_Page h1.firstHeading { display:none; } #ca-edit { display: none; } 1c7b11dd34b0ca258a7f6c5bc242d558e294f156 0 24 94 2008-08-06T20:29:07Z Vvc 1 [[Solaris IPC settings]] moved to [[Solaris 5.10 IPC settings]] wikitext text/x-wiki #REDIRECT [[Solaris 5.10 IPC settings]] edfa939417801c88d19b6c39eea582c894ea4769 0 22 95 89 2008-08-06T20:29:41Z Vvc 1 wikitext text/x-wiki [[Solaris 5.10 IPC settings]] 032116d93d111cd67fa5b261c2e96732d861b9d0 0 9 100 99 2008-10-22T22:08:14Z Vvc 1 Updated start script for Oracle 11 functionality wikitext text/x-wiki == Installing Oracle 11 on CentOS 5 == === Pre-installation steps === * Create Oracle user and groups <pre> groupadd oinstall groupadd dba groupadd oper useradd -g oinstall -G dba,oper oracle </pre> * Prepare environment :* Create Oracle configuration file '''/etc/sysconfig/oracledb''' <source lang="bash"> ORACLE_BASE=/opt/oracle ORACLE_SID=MYDB ORACLE_HOME=$ORACLE_BASE/product/11g START_ORACLE=yes START_LISTENER=yes </source> :* Make sure the correct kernel parameters are appended to '''/etc/sysctl.conf''' <pre> # added for Oracle kernel.shmall = 2097152 kernel.shmmax = 2147483648 kernel.shmmni = 4096 kernel.sem = 250 32000 100 128 net.core.rmem_default = 4194304 net.core.rmem_max = 4194304 net.core.wmem_default = 262144 net.core.wmem_max = 262144 fs.file-max = 65536 net.ipv4.ip_local_port_range = 1024 65000 </pre> :* Update kernel parameters <pre> sysctl -p </pre> :* Create '''/etc/profile.d/oracle.sh''' and make it executable <source lang="bash"> #!/bin/sh if [ -f /etc/sysconfig/oracledb ] ; then . /etc/sysconfig/oracledb export ORACLE_BASE ORACLE_SID ORACLE_HOME export PATH=$PATH:$ORACLE_HOME/bin fi if [ $USER = oracle ]; then ulimit -u 16384 -n 65536 umask 022 fi if [ -n "$EDITOR" ]; then export EDITOR=vi fi </source> :* Update '''/etc/security/limits.conf''' <pre> oracle soft nproc 2047 oracle hard nproc 16384 oracle soft nofile 1024 oracle hard nofile 65536 </pre> * Create directories/filesystems for installation and database files <pre> . /etc/profile.d/oracle.sh mkdir -p $ORACLE_HOME chown -R oracle:oinstall $ORACLE_BASE chmod -R 775 $ORACLE_BASE mkdir -p /u02/oradata chown oracle:oinstall /u02/oradata chmod 775 /u02/oradata mkdir -p /opt/oraInventory chown oracle:oinstall /opt/oraInventory chmod 770 /opt/oraInventory </pre> * Install required packages <pre> yum -y install gcc-c++ libaio-devel compat-libstdc++-33 elfutils-libelf-devel unixODBC-devel yum -y install ksh xorg-x11-utils sysstat </pre> === Installation === * Download distribution from http://www.oracle.com * All following steps need to be done under oracle user id <pre> su - oracle </pre> * Extract the distribution <pre> cd /u02/oradata unzip /media/linux_x86_11gR1_database.zip </pre> * Start X server on a workstation * Start installation (do not create database during this step) : During installation you will be asked to run two scripts under root user id, do it in a separate terminal window <pre> cd /u02/oradata/database export DISPLAY=workstation:0.0 ./runInstaller </pre> * Add selinux context <pre> semanage fcontext -a -t textrel_shlib_t '/opt/oracle/.*/lib/.+\.so([^/]*)*(\.[^/]*)*' restorecon -R /opt </pre> * Some cleaning <pre> cd /u02/oradata rm -rf database rm -rf /tmp/OraInstall* </pre> * Generate client libraries <pre> genclntst genclntsh </pre> * Create your database <pre> dbca </pre> * Edit file /etc/oratab and enable automatic startup of the database * Shutdown just created database <pre> dbshut </pre> * Create listener configuration file '''$ORACLE_HOME/network/admin/listener.ora''' <pre> LOGGING_LISTENER=OFF DBA_GROUP = dba STOP_LISTENER = YES CONNECT_TIMEOUT_LISTENER = 10 STARTUP_WAIT_TIME_LISTENER = 0 </pre> === Post-installation tasks === : The following tasks are executed by root * Create startup script '''/etc/rc.d/init.d/oracle''' <source lang="bash"> #!/bin/bash # chkconfig: 345 85 15 # description: The Oracle Database # config: /etc/oratab # config: /etc/sysconfig/oracledb # Source function library. . /etc/rc.d/init.d/functions ORA_OWNER="oracle" # pull in sysconfig settings if [ -f /etc/sysconfig/oracledb ]; then . /etc/sysconfig/oracledb fi [ $START_ORACLE = "yes" ] || exit 0 # check environment (e.g. ORACLE_HOME) if [ -z "$ORACLE_HOME" -o ! -d $ORACLE_HOME ]; then echo "Cannot find ORACLE_HOME directory." echo -n "Environment settings are wrong? Check /etc/sysconfig/oracledb" failure $"Checking Oracle environment" exit 1 fi start () { echo -n $"Starting Oracle: " if [ "${START_LISTENER:-no}" = "yes" ]; then ORACLE_HOME_LISTNER=$ORACLE_HOME fi daemon --user $ORA_OWNER $ORACLE_HOME/bin/dbstart $ORACLE_HOME_LISTNER >/dev/null if [ $? -eq 0 ] ; then touch /var/lock/subsys/oracle success echo return 0 else failure echo return 1 fi } stop () { echo -n $"Stopping Oracle: " su - $ORA_OWNER -c "$ORACLE_HOME/bin/dbshut $ORACLE_HOME" > /dev/null if [ $? -eq 0 ] ; then rm -f /var/lock/subsys/oracle success echo return 0 else failure echo return 1 fi } restart () { stop start } case "$1" in start) start ;; stop) stop ;; restart) restart ;; condrestart) [ -f /var/lock/subsys/oracle ] && restart || : ;; *) echo "Usage: $0 {start|stop|restart|condrestart}" exit 1 esac </source> * Add it to the startup sequence <pre> chmod +x /etc/init.d/oracle chkconfig --add oracle </pre> * Add a daily maintenance script to oracle's cron or '''/etc/cron.d/oracle''' ** Example <source lang="bash"> #!/bin/sh [ -f /etc/oratab -o -f /etc/sysconfig/oracledb ] || exit 0 . /etc/sysconfig/oracledb TODAY=`date +%Y%m%d` # For each enabled database grep -v ^# /etc/oratab| awk -F: '{if ($3=="Y") print $1}'| while read DB do if [ -d "$ORACLE_BASE/admin/$DB" ] ; then /usr/sbin/tmpwatch -m -d -x $ORACLE_BASE/admin/$DB/scripts 168 $ORACLE_BASE/admin/$DB if [ -s "$ORACLE_BASE/admin/$DB/bdump/alert_$DB.log" ] ; then mv $ORACLE_BASE/admin/$DB/bdump/alert_$DB.log $ORACLE_BASE/admin/$DB/bdump/alert_${DB}_$TODAY.log grep ORA- $ORACLE_BASE/admin/$DB/bdump/alert_${DB}_$TODAY.log > /tmp/ora_alert.$$ if [ -s /tmp/ora_alert.$$ ] ; then mail -s "$DB alert log" $ORA_OWNER < /tmp/ora_alert.$$ fi rm -f /tmp/ora_alert.$$ fi fi done </source> * Add oracle id into '''/etc/aliases''' === Start your Oracle === <pre> service oracle start </pre> <span style="font-size:xx-large"> Enjoy ! </span> [[Category:Oracle]] 68674990845ca4c4a1af66bcb39b2db0d5506e3b 0 25 103 102 2008-11-12T18:29:32Z Vvc 1 typo wikitext text/x-wiki [[Category:XEN]] <pre> lvcreate --name centos --size 4G vg0 virt-install --name=centos --ram=256 --file=/dev/vg0/centos --nographics --location=ftp://ftp.dc.aleron.net/pub/linux/centos/5/os/i386 --extra-args=ks=http://chepkov.com/svn/config/kickstart/centos-xen.cfg </pre> ca3a2174ac9a503df3e0b97a2263985302c0b39e 14 26 104 2008-11-12T18:30:01Z Vvc 1 New page: XEN related issues wikitext text/x-wiki XEN related issues c9a94503acc97b927e0fc9442c35ddd181fe7f24 0 18 106 105 2008-11-12T18:30:50Z Vvc 1 typo wikitext text/x-wiki [[Category:XEN]] <pre> lvcreate --size 10G --name vvc-root vg0 mkfs -j /dev/vg0/vvc-root lvcreate --size 512M --name vvc-swap vg0 mkswap /dev/vg0/vvc-swap mkdir /v mount -t ext3 -o noatime /dev/vg0/vvc-root /v mkdir -p /v/var/lib/{rpm,yum} mkdir -p /v/var/log rpm --root /v --initdb wget http://mirror.centos.org/centos/5/os/i386/CentOS/centos-release-5-2.el5.centos.i386.rpm rpm -ihv --nodeps --root /v centos-release-5-2.el5.centos.i386.rpm </pre> <pre> [main] cachedir=/var/cache/yum keepcache=0 debuglevel=2 logfile=/var/log/yum.log distroverpkg=redhat-release tolerant=1 exactarch=1 obsoletes=1 gpgcheck=1 plugins=1 exclude=grub kudzu hdparm kbd setserial kernel* </pre> <pre> yum --installroot=/v -y groupinstall core cp -rp /lib/modules/2.6.18-92.1.6.el5xen /v/lib/modules/ chroot /v </pre> /etc/fstab <pre> /dev/xvda1 / ext3 noatime 1 1 /dev/xvda2 swap swap defaults 0 0 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 </pre> /etc/ld.so.conf <pre> hwcap 0 nosegneg </pre> <pre> ldconfig -v mount /sys authconfig --enableshadow --enablemd5 --update passwd root </pre> /etc/securetty <pre> xvc0 </pre> /etc/hosts <pre> 127.0.0.1 localhost vvc.chepkov.lan vvc </pre> /etc/modprobe.conf <pre> alias eth0 xennet alias scsi_hostadapter xenblk </pre> <pre> mkinitrd -v -f /boot/initrd-vvc-2.6.18-92.1.6.el5xen.img 2.6.18-92.1.6.el5xen umount /sys </pre> /etc/sysconfig/network <pre> NETWORKING=yes HOSTNAME=vvc.chepkov.lan NETWORKING_IPV6=no </pre> /etc/sysconfig/network-scripts/ifcfg-eth0 <pre> DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes DHCP_HOSTNAME=vvc </pre> /etc/sysconfig/clock <pre> ZONE="UTC" UTC=false ARC=false </pre> <pre> cp -f /usr/share/zoneinfo/UTC /etc/localtime </pre> /etc/inittab <pre> co:2345:respawn:/sbin/agetty xvc0 9600 vt100-nav </pre> <pre> exit mv /v/boot/initrd-vvc-2.6.18-92.1.6.el5xen.img /boot/ umount /v </pre> /etc/xen/auto/vvc <pre> name = "vvc" kernel = "/boot/vmlinuz-2.6.18-92.1.6.el5xen" ramdisk = "/boot/initrd-vvc-2.6.18-92.1.6.el5xen.img" extra = "console=xvc0" memory = "256" disk = [ 'phy:///dev/vg0/vvc-root,xvda1,w', 'phy:///dev/vg0/vvc-swap,xvda2,w' ] vif = [ 'mac=00:16:3e:00:00:01, bridge=xenbr0', ] vcpus=1 on_reboot = 'restart' on_crash = 'restart' </pre> <pre> xm create -c /etc/xen/auto/vvc </pre> d009baad288e3c989060d8d5e2bf1c30eac65602 0 27 108 2008-11-20T15:08:25Z Vvc 1 Added AIX build page wikitext text/x-wiki [[ Building Subversion on AIX ]] 1c7e78375f1e0c0b0418f0bfb911f5b4c7963f36 0 28 111 110 2008-11-22T04:14:31Z Vvc 1 duplicate title wikitext text/x-wiki * Install expat * Install zlib * Install openssl * Install APR and APR-util * Install neon *:./configure --with-ssl --with-expat -with-zlib --enable-shared --with-libs=/usr/local:/usr/local/ssl d416acfc126008f2ee35eb4af367c3909beac02b 0 31 118 2008-12-05T14:44:38Z Vvc 1 Initial version wikitext text/x-wiki === CPU Support === Make sure that the CPU supports Full virtualization over XEN. For INTEL Systems, it should have the ‘vmx’ support. To check, use the following command: # grep vmx /proc/cpuinfo For AMD systems, it should have ’svm’ support. To check, use the following command: # grep svm /proc/cpuinfo If these commands return nothing, then check whether the setting related to 'Virtualization' has enabled on the BIOS (it is turned OFF by default). If the BIOS is not enabled for virtualization, then it may be necessary to upgrade the BIOS. 91083d45b161c04a002d07eab61d0248664d53d0 4 34 121 2008-12-05T14:47:54Z Vvc 1 As-is wikitext text/x-wiki There is no privacy here 088a7c5e72cf4ddc78391e8c77a08831089d898f 6 35 122 2008-12-09T21:30:51Z Vvc 1 PuTTYgen start screen wikitext text/x-wiki PuTTYgen start screen 79bf19d0a4bb45ef460c67a456504881569053f0 6 36 123 2008-12-09T21:31:26Z Vvc 1 PuTTYgen result screen wikitext text/x-wiki PuTTYgen result screen e5b25966ab2df643757feb4f2a08840f550f7c6a 0 39 128 2008-12-11T20:00:18Z Vvc 1 Initial version wikitext text/x-wiki Makefile <pre> SENDMAIL_CF_DIR= /usr/samples/tcpip/sendmail .SUFFIXES: .cf .mc .MAIN: all all: sendmail.cf .mc.cf: m4 -D_CF_DIR_=${SENDMAIL_CF_DIR}/ \ ${SENDMAIL_CF_DIR}/m4/cf.m4 $< > $@ </pre> sendmail.mc <pre> VERSIONID(`setup for SOA')dnl OSTYPE(`aixsample')dnl define(`SMART_HOST', `smtp.mcilink.com')dnl define(`confTO_CONNECT', `1m')dnl define(`confTO_IDENT', `0')dnl define(`confDONT_PROBE_INTERFACES', `True')dnl define(`ALIAS_FILE', `/etc/mail/aliases')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,nobodyreturn')dnl undefine(`UUCP_RELAY')dnl define(`confEIGHT_BIT_HANDLING',`pass8')dnl FEATURE(`no_default_msa', `dnl')dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl MAILER(smtp)dnl LOCAL_RULESETS SHdrFromSMTP R$* $@ SOA-Server@verizonbusiness.com SEnvFromSMTP R$* $@ SOA-Server@verizonbusiness.com </pre> ecea2e9243de45fa4e9490b6f7c1a6f4cdc1d6eb 6 44 140 2008-12-17T15:10:02Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 45 141 2008-12-17T15:10:16Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 46 143 2008-12-17T15:16:30Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 47 144 2008-12-17T16:23:45Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 48 145 2008-12-17T16:23:55Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 49 146 2008-12-17T16:24:03Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 51 148 2008-12-17T16:24:22Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 50 153 152 2008-12-17T16:57:44Z Vvc 1 uploaded a new version of "[[Image:PuTTY4.png]]" wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 52 154 2008-12-17T17:12:53Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 53 155 2008-12-17T17:13:04Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 2 54 158 2008-12-17T18:56:54Z Vvc 1 New page: Dennis Burdick wikitext text/x-wiki Dennis Burdick 920e5073225de4c699efaf05823c3c16850121d2 6 55 174 2008-12-26T17:54:13Z Dburdick 2 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 12 206 205 2009-01-26T01:34:52Z Vvc 1 server wikitext text/x-wiki This article should help you to run your own '''certificate authority (CA)'''. == Creating CA == We will keep all files related to our CA in directory '''/root/CA''' === openssl.conf === First, we will create OpenSSL configuration file. It can be stored anywere and referenced by environment variable <pre> export OPENSSL_CONF=/root/CA/openssl.conf </pre> Here is my file <pre> [ ca ] default_ca = CA_default [ CA_default ] dir = /root/CA new_certs_dir = $dir/certs database = $dir/index.txt unique_subject = no certificate = $dir/cacert.pem private_key = $dir/private/cakey.pem serial = $dir/serial crl = $dir/crl.pem RANDFILE = $dir/private/.rand x509_extensions = usr_cert name_opt = ca_default cert_opt = ca_default copy_extensions = copy default_days = 365 default_crl_days= 35 default_md = sha1 preserve = no policy = policy_any [ policy_any ] countryName = supplied stateOrProvinceName = supplied localityName = supplied organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = supplied [ req ] default_bits = 1024 default_md = sha1 distinguished_name = req_distinguished_name prompt = no x509_extensions = v3_ca [ req_distinguished_name ] countryName = US stateOrProvinceName = Virginia localityName = Leesburg organizationName = Vadym Chepkov organizationalUnitName = Vadym Chepkov CA commonName = Vadym Chepkov CA emailAddress = vvc@chepkov.com [ v3_ca ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always keyUsage = critical,keyCertSign,cRLSign basicConstraints = critical,CA:TRUE,pathlen:1 subjectAltName=email:copy issuerAltName=issuer:copy authorityInfoAccess = caIssuers;URI:http://www.chepkov.com/ca.html crlDistributionPoints=URI:http://www.chepkov.com/vvc-ca.crl [ intermediate_ca ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always keyUsage = critical,keyCertSign,cRLSign basicConstraints = critical,CA:TRUE,pathlen:0 subjectAltName=email:copy issuerAltName=issuer:copy authorityInfoAccess = caIssuers;URI:http://www.chepkov.com/ca.html crlDistributionPoints=URI:http://www.chepkov.com/vvc-ca.crl [ usr_cert ] basicConstraints = critical,CA:FALSE keyUsage = critical,digitalSignature,keyAgreement subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer issuerAltName=issuer:copy authorityInfoAccess = caIssuers;URI:http://www.chepkov.com/ca.html crlDistributionPoints=URI:http://www.chepkov.com/vvc-ca.crl [ server ] basicConstraints = critical,CA:FALSE subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always extendedKeyUsage=serverAuth keyUsage = critical,digitalSignature, keyEncipherment authorityInfoAccess = caIssuers;URI:http://www.chepkov.com/ca.html crlDistributionPoints=URI:http://www.chepkov.com/vvc-ca.crl </pre> === Creating initial database === <pre> cd /root/CA mkdir certs private chmod 700 private echo 01 > serial touch index.txt index.txt.attr </pre> === Creating CA private key === openssl genrsa -out private/cakey.pem 2048 === Creating CA certificate request === openssl req -new -key private/cakey.pem -out ca.csr === Self-signing CA certificate === openssl ca -selfsign -in ca.csr -keyfile private/cakey.pem -out cacert.pem -extensions v3_ca -verbose -enddate 361231235959Z === Signing Certificate Request === openssl ca -days 730 -in server.csr -out server.crt -extensions server Make sure expiration day of the certificate does not exceed expiration day of your certificate authority. You don't have to specify '''days''' argument if you want to use default from openssl.conf === Revoking a certificate === openssl ca -revoke cert.pem === Generating Certificate Revocation List (CRL) === openssl ca -gencrl -out crl.pem openssl crl -in crl.pem -out crl.crl -outform DER [[Category:OpenSSL]] 4b1dc21008a05b46212a9a46167545013361bd7f 6 60 208 2009-01-26T22:25:21Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 61 211 210 2009-01-26T23:05:57Z Vvc 1 uploaded a new version of "[[Image:Firefox.png]]" wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 37 212 209 2009-01-26T23:07:26Z Vvc 1 Added picture wikitext text/x-wiki I have been asked many times by co-workers and friends to help them in establishing SSH tunnels, so I decided to create a web page for them for a change, therefore this page will somewhat more detailed that a usual page on my selfish wiki. __TOC__ ==Overview== Why do we need tunnels. Usually to bypass a firewall or connect to an application that is accepting connections only from the local host or secure otherwise unsecure connection. I will provide solutions for common problems here. Lets make some assumptions. You are running a Windows workstation (don't worry my Microsoft-free friends, you will have your share). We will be using PuTTY ([http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html download]), but all other SSH clients have the same capabilities. ==Generate authentication keys== We will use Public Key Authentication method. You have to use SSH protocol verison 2 to utilize this capability. Using this method is more secure, then regular password authentication. ===PuTTYgen=== Putty comes with PuTTYgen, a program for authentication key manipulation. It has a lot of options, but we are going to utilize some simple one. Start/Programs/PuTTY/PuTTYgen [[Image:PuTTYgen1.png]] I suggest you keep the default settings and use SSH-2 RSA type of the key. If you want, you can increase the size of your key to 2048 bits. This key is used during authentication phase of establishing a connection. After the connection has been established, it is no longer needed for that session. Press '''Generate''' button. Move your mouse while the program generates the key, it will help it to collect some random data which will make your key less predictable. [[Image:PuTTYgen2.png]] You will want to change the '''Key comment''' field to identify the key later. Setting a '''passphrase''' will provide a little extra security, as you will be prompted to provide it every time you use the key. I personally prefer to encrypt the saved key using standard Windows feature instead. <br/>Press '''Save private key''' and save it in some folder, I will put it into '''My Documents/Keys''' directory I created. [[Image:PuTTYgen3.png]] Lets not forget to encrypt the key. Right click on the file/Properties/Advanced/Encrypt [[Image:PuTTYgen4.png]] "Save public key" button would save public key in a format that is not compatible with OpenSSH, so we will not address it here. Instead have you noticed on top of the screen the following panel: [[Image:PuTTYgen5.png]] Copy this line and paste it in Notepad editor and save this public key for future use. And yes, even though it looks like several lines it's actually one line of text which will be even longer if you increased the size of the key. <br/>Technically, you don't have to save it, because public key can be always generated from the private key, not other way around. If you run PuTTYgen again and in '''File''' menu select '''Load private key''' you will get access to the public key again. ===ssh-keygen=== ssh-keygen does all what PuTTYgen does with one simple (well...terse anyway) command and that's why we like Unix <pre> [vvc@vps1 ~]$ ssh-keygen -t rsa -b 1024 -C 'vvc@vps1' -N '' -f ~/.ssh/vvc-vps1-rsa Generating public/private rsa key pair. Your identification has been saved in /home/vvc/.ssh/vvc-vps1-rsa. Your public key has been saved in /home/vvc/.ssh/vvc-vps1-rsa.pub. The key fingerprint is: 66:63:4f:61:d7:de:dc:cd:18:6d:68:6a:47:bb:11:54 vvc@vps1 </pre> This command generates an rsa key 1024 bits long with comment <tt>vvc@vps1</tt> without password (if you can't trust your root who on Earth can you trust) and saves it in the file <tt>~/.ssh/vvc-vps1-rsa</tt>. The public key was also saved in a file of the same name with a .pub extension. Not all of these parameters are necessary. Furthermore, since we are not using default name for private rsa key file (which is id_rsa, by the way) we would have to specify which key to use for our future connections, but I think we can manage that, especially since we will use openssh config file. ==Install authentication key== First you have to be sure you have proper directory structure in place with secure permissions set, otherwise openssh server will refuse to use public key for authentication. This has to be done on the server we would like to connect using our private key. <pre> chmod go-w $HOME mkdir $HOME/.ssh chmod 700 $HOME/.ssh touch $HOME/.ssh/authorized_keys chmod 600 $HOME/.ssh/authorized_keys </pre> Now using you favorite editor add content of your public key to the <tt>$HOME/.ssh/authorized_keys</tt> so it will look like this: <pre> [vvc@vps1 ~]$ cat /home/vvc/.ssh/authorized_keys ssh-rsa AAAAB3Nza....DN9hE= vvc@laptop </pre> I omitted most of the symbols to emphasize this is ONE line of text. You can have many keys stored in this file, each on separate line. Since I will be connecting from my laptop to vps1 I added public key generated on my laptop to the <tt>authorized_keys</tt> file on vps1. If I want to connect from vps1 server to xen server I would put public key generated on vps1 to <tt>authorized_keys</tt> file on xen server. Now since the file is in place we are going to use it in PuTTY *Fill in hostname, port number, session name [[Image:PuTTY1.png]] *Fill in your login name [[Image:PuTTY2.png]] *Select your private key [[Image:PuTTY3.png]] *Return back to the session screen and hit on '''Save''' button to save you changes. [[Image:PuTTY4.png]] Remember, PuTTY as of yet doesn't have "Autosave" capabilities so you have to go back to Session screen and save changes you made. This is an important step to keep in mind while adding tunnels as nothing prompts you to save so people usually forget. *Hit '''Open''' button. [[Image:PuTTY5.png]] Congratulations, you have established connection using your private key. ==Tunnel to POP3 server using PuTTY== In this example we would like to connect to a remote POP3 server running on <tt>vps1</tt> server. If you check it is listening only on localhost: <pre> [vvc@vps1 ~]$ grep -w pop3 /etc/services |grep tcp pop3 110/tcp pop-3 # POP version 3 [vvc@vps1 ~]$ netstat -an|grep -w 110 tcp 0 0 127.0.0.1:110 0.0.0.0:* LISTEN </pre> So, the only way to connect to it remotely is via tunnel. Lets add it: *Start PuTTY *Select <tt>vps1</tt> session previously saved *Click on '''Load''' button *Add the tunnel [[Image:PuTTY6.png]] Ok, lets review the purpose. You want to forward Local port 10110 to "localhost port 110" on remote server. So, localhost here is direction for vps1 openssh server, not for the PuTTY. After you open your regular connection via ssh port 22, PuTTY will establish a tunnel "inside" of this connection. So for some third party observer or firewall it will be just packets going out to vps1 ports 22, nothing else. I have selected an arbitrary port on my laptop, 10110, I can use any port I want as long as it is not occupied by some other application. *Click '''Add''' button [[Image:PuTTY7.png]] *Don't forget to save your changes [[Image:PuTTY4.png]] *Click on open button and establish connection with a tunnel. You HAVE to keep ssh connection open for tunnel to be functioning. Lets check if the tunnel works: <pre> C:\Documents and Settings\vvc>telnet localhost 10110 +OK Dovecot ready. quit +OK Logging out Connection to host lost. </pre> Here we go, we were able to access remote POP3 server, Dovecot in this case. So if I had to configure a mail client program I would put server name as localhost and port as 10110 and I would have to start ssh session before I check my mail. ==Tunnel to MySQL server using openssh== Now we want to connect from vps1 to mysql server running on server hut *First I add my public generated key we generated [[#ssh-keygen|earlier]] to <tt>authorized_keys</tt> file on server hut [vvc@hut ~]$ cat vvc-vps1-rsa.pub >> ~/.ssh/authorized_keys *Mysql is running on the hut, but even though it listens on external interface, connection to it blocked by firewall. <pre> [vvc@hut ~]$ grep -w mysql /etc/services |grep tcp mysql 3306/tcp # MySQL [vvc@hut ~]$ netstat -an|grep -w 3306 tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN </pre> *Next I create a section in <tt>$HOME/.ssh/config</tt> file on vps1 <pre> Host hut Hostname vvc.homeunix.net Port 22 User vvc IdentityFile ~/.ssh/vvc-vps1-rsa UserKnownHostsFile ~/.ssh/hut LocalForward 10001 localhost:3306 </pre> *Establish connection <pre> [vvc@vps1 ~]$ ssh hut Last login: Wed Dec 17 12:50:13 2008 from vps1.chepkov.com [vvc@hut ~]$ </pre> *Now in another open session with vps1 you can access mysql server running on hut: <pre> [vvc@vps1 ~]$ mysql --host=127.0.0.1 --port=10001 -p vvcg2 Enter password: Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 131 Server version: 5.0.67 Source distribution Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> </pre> Noticed the version on the server? it's 5.0.67 The client is 5.0.45, so we really connected to some other server: <pre> [vvc@vps1 ~]$ mysql --version mysql Ver 14.12 Distrib 5.0.45, for redhat-linux-gnu (x86_64) using readline 5.0 </pre> Also noticed I specified 127.0.0.1 instead of localhost? That's because mysql client thinks it's smart and when it sees <tt>localhost</tt> as a <tt>hostname</tt> it tries to connect via UNIX socket and ignores --port parameter completely and silently. ==Double tunnel to Postgres server (long way)== Here is our task. We want to connect to postgres port on server <tt>xen</tt> which is available only from server xen itself. The pickle is, xen's ssh server is running on port 2222 and our outgoing firewall doesn't allow such connections from laptop. What we have to do is to hop via vps1 to xen. *First you would establish tunnel from you local port 5432 to vps1 port 15432 using [[##Tunnel_to_POP3_server_using_PuTTY|previous example]] *Second you establish tunnel from local port 15432 to xen port 5432 using [[##Tunnel_to_MySQL_server_using_openssh|previous example]] *Now you can connect to local port 5432 using your favorit postgres client and it will connects you to postregs server of your dream. ==Double tunnel to Postgres server (simplified)== *Generate a new key which we use for this "doubled" connection the way it described in [[##PuTTYgen|previous example]]. It will be clear why we need another key later. It will have postgres@laptop comment in it. *Create a PuTTY [[##Tunnel_to_POP3_server_using_PuTTY|session]] with name xen-postgres but vps1 as a hostname, we connect to it first, after all. We set it to use new private key and a tunnel from local port 5432 to 'localhost:15432' *Configure ssh access from vps1 to xen as described [[##Tunnel to MySQL server using openssh|earlier]], but forwarding local port 15432 to port 5432 on xen. Verify that <tt>ssh xen</tt> command will connect you from vps1 to xen. *Add newly generated public key into your <tt>authorized_keys</tt> file, but with a twist: prefix it with command you want to execute after connection is established: <pre> command="/usr/bin/ssh xen" ssh-rsa ABC....KK= postgres@laptop </pre> *Now open the connection, you will end up on xen server right away and you will have all tunnels in place. ==Reverse tunnel for firefox== Now we want a remote X application (firefox, for instance) to be able to connect to locally running [http://www.cygwin.com Cygwin] X server. X Server by default is listening on port 6000, so to accomplish the task we need to forward remote localhost:6000 (we assume X Server is not running on remote server, it's a server after all, otherwise you have to choose a different port) to local port 6000. [[Image:PuTTY8.png]] Save you settings, establish the connection, start your firefox: $ firefox --display localhost:0 [[Image:Firefox.png]] Cheers! ==SSH Tunnel Illustration== ''From Dennis:'' This may help with the introduction. [[Image:SSHTunnel.png]] 7376b765bfd5529287d906de5e731a1793e40762 2 62 213 2009-01-31T15:17:42Z Vvc 1 New page: ~~~ wikitext text/x-wiki Vadym Chepkov e1262d6da733c6d61d38da515e39de9ef0276d79 4 63 214 2009-01-31T15:18:15Z Vvc 1 New page: All is public domain wikitext text/x-wiki All is public domain 2ec42adb28cbecbc375e21d0347f8dee29d370b1 14 66 224 2009-02-03T21:06:50Z Vvc 1 Initial page wikitext text/x-wiki Linux related articles 2b983878c028e76d13cae4a5218e6f88c3019ce7 0 6 225 13 2009-02-03T21:07:17Z Vvc 1 Added category wikitext text/x-wiki install kernel-devel cd $DRIVER make -C /lib/modules/`uname -r`/build -M=`pwd` modules mkdir -p /tmp/`uname -r`/i686 cd /tmp cp $DRIVER/*ko `uname -r`/i686/ ls -1 */*/*.ko > modules-list cpio -o --format=crc < modules-list | gzip -c -9 > modules.cgz [[Category:Linux]] 31419b2a910aa9b46dbee76abfa0e4ded297d199 0 43 226 138 2009-02-03T21:07:58Z Vvc 1 wikitext text/x-wiki [http://fedoraproject.org/wiki/Anaconda/Kickstart Kickstart Configuration] [http://fedoraproject.org/wiki/Anaconda/Options Command Line Options] [[Category:Linux]] 9499d17e8ce77816ab54c36d724076ee10e0b4ba 0 59 229 228 2009-02-03T21:09:44Z Vvc 1 wikitext text/x-wiki __TOC__ ===Write syslog into Postgres database=== * create '''syslog''' table <source lang="sql"> CREATE TABLE syslog ( id SERIAL PRIMARY KEY, host VARCHAR(32) NULL, facility VARCHAR(10) NULL, priority VARCHAR(10) NULL, tag VARCHAR(32) NULL, timestamp TIMESTAMP WITHOUT TIME ZONE NULL, message TEXT ); </source> * create user id and grant permissions to insert new entries <source lang="sql"> CREATE USER sysuser PASSWORD 'syspass'; GRANT INSERT ON syslog TO sysuser; GRANT SELECT,UPDATE ON syslog_id_seq TO sysuser; </source> * install '''rsyslog-pgsql''' package ---- rsyslog configuration by default is in '''/etc/rsyslog.conf''' ---- * enable postrges support $ModLoad ompgsql.so * enable logging from remote hosts if needed $ModLoad imudp.so $UDPServerRun 514 * add sql statement template <pre> $template syslogSQL,"insert into syslog (host,facility,priority,tag,timestamp,message) \ values ('%HOSTNAME%','%syslogfacility-text%','%syslogpriority-text%','%syslogtag:F,58:1%','%timereported:::date-pgsql%','%msg%')",stdsql </pre> * set secure permission on configuration file, since we are going to store password to access postgres database there chmod 600 /etc/rsyslog.conf * add action statement *.* :ompgsql:localhost,syslogdb,sysuser,syspass;syslogSQL * add the following configuration to ensure log entries will be preserved if database was busy of temporary unavailable <pre> $WorkDirectory /var/lib/rsyslog # where to place spool files $ActionQueueFileName dbq # unique name prefix for spool files $ActionQueueMaxDiskSpace 512M # 512M space limit (use as much as possible) $ActionQueueSaveOnShutdown on # save messages to disk on shutdown $ActionQueueType LinkedList # run asynchronously $ActionResumeRetryCount -1 # infinite retries if host is down </pre> * create spool directory mkdir /var/lib/rsyslog * if you use [http://www.nsa.gov/research/selinux/ SELinux], you might need to change your local policy :* local.te <pre> type rsyslog_var_lib_t; files_type(rsyslog_var_lib_t); manage_files_pattern(syslogd_t, rsyslog_var_lib_t, rsyslog_var_lib_t) manage_dirs_pattern(syslogd_t, rsyslog_var_lib_t, rsyslog_var_lib_t) </pre> :* local.fc /var/lib/rsyslog(/.*)? gen_context(system_u:object_r:rsyslog_var_lib_t,s0) :* fix security context restorecon -vR /var/lib/rsyslog * start using rsyslog service rsyslog start * add a maintenance script which will remove old entries, for example <source lang="sql"> DELETE FROM syslog WHERE timestamp < LOCALTIMESTAMP - INTERVAL '30 days'; </source> ===Write syslog entries from a host to a separate file=== <pre> # Router :FROMHOST, isequal, "vzrouter" -/var/log/vzrouter.log </pre> :<tt>'-'</tt> in front of a log file name instructs rsyslog to omit syncing the file after every logging * Don't forget to add '''/var/log/vzrouter.log''' into '''/etc/logrotate.d/syslog''' [[Category:Linux]] 5d47de57413591eca88a49325274956ef2b5ea3a 0 65 230 227 2009-02-06T20:44:48Z Dburdick 2 /* Create backup */ wikitext text/x-wiki This article will help you to encrypt your existing Fedora 10 installation === Where we begin === We have the following disk configuration: <pre> # fdisk -l /dev/sda Disk /dev/sda: 40.0 GB, 40000000000 bytes 255 heads, 63 sectors/track, 4863 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Disk identifier: 0x000e6cc7 Device Boot Start End Blocks Id System /dev/sda1 * 1 13 104391 83 Linux /dev/sda2 14 4863 38957625 8e Linux LVM </pre> * '''/dev/sda1''' is our '''/boot''' partition * '''/dev/sda2''' is physical volume for existing volume group '''vg0''' <pre> # cat /etc/fstab /dev/vg0/root / ext3 noatime 1 1 /dev/vg0/tmp /tmp ext2 noatime 1 2 /dev/vg0/home /home ext3 noatime 1 2 /dev/vg0/var /var ext3 noatime 1 2 /dev/vg0/usr /usr ext3 noatime 1 2 LABEL=boot /boot ext2 noatime 1 2 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 /dev/vg0/swap swap swap defaults 0 0 </pre> === Install required packages === * dump * plymouth-system-plugin * cryptsetup-luks yum install dump plymouth-system-plugin cryptsetup-luks === Create backup === Mount your external USB disk, for example, to /mnt and use dump to backup your current installation. Make two copies, on two different disks, to be sure, '''this is the most important step''' <pre> dump -0 -f /mnt/root.dump / dump -0 -f /mnt/usr.dump /usr dump -0 -f /mnt/var.dump /var dump -0 -f /mnt/home.dump /home </pre> === Boot in rescue mode === Skip mounting existing installation, we are going to destroy it in the next step * Make the existing data unrecoverable shred -v -n 1 -z /dev/sda2 * Create new encrypted physical volume cryptsetup --verify-passphrase luksFormat --cipher aes-cbc-essiv:sha256 --key-size 256 /dev/sda2 cryptsetup --verbose luksOpen /dev/sda2 cryptpv * recreate volume group and logical volumes <pre> lvm pvcreate /dev/mapper/cryptpv lvm vgcreate -s 32M vg0 /dev/mapper/cryptpv lvm lvcreate --size 512 --name root vg0 lvm lvcreate --size 2G --name swap vg0 lvm lvcreate --size 4G --name usr vg0 lvm lvcreate --size 1G --name var vg0 lvm lvcreate --size 1G --name home vg0 lvm lvcreate --size 256 --name tmp vg0 mke2fs -j -L root /dev/vg0/root mkswap -L swap /dev/vg0/swap mke2fs -j -L usr /dev/vg0/usr mke2fs -j -L var /dev/vg0/var mke2fs -j -L home /dev/vg0/home mke2fs -L tmp /dev/vg0/tmp </pre> * remount backup and root <pre> mkdir /tmp/root mkdir /tmp/mnt mount /dev/sdb1 /tmp/mnt mount -t ext3 /dev/vg0/root /tmp/root </pre> * restore root <pre> cd /tmp/root restore -r -f /tmp/mnt/root.dump rm restoresymtable </pre> * mount and restore remaining file systems <pre> mount -t ext3 -o noatime /dev/vg0/usr /tmp/root/usr cd /tmp/root/usr restore -r -f /tmp/mnt/usr.dump rm restoresymtable mount -t ext3 -o noatime /dev/vg0/var /tmp/root/var cd /tmp/root/var restore -r -f /tmp/mnt/var.dump rm restoresymtable mount -t ext3 -o noatime /dev/vg0/home /tmp/root/home cd /tmp/root/home restore -r -f /tmp/mnt/home.dump rm restoresymtable mount -t ext2 -o noatime /dev/vg0/tmp /tmp/root/tmp chmod 1777 /tmp/root/tmp </pre> * unmount backup, create all device nodes for chrooted environment <pre> umount /tmp/mnt cp -ax /dev/* /tmp/root/dev mkdir /tmp/root/dev/shm mount -t proc proc /tmp/root/proc mount -t sysfs sysfs /tmp/root/sys </pre> * chroot into restored system <pre> chroot /tmp/root mount -a swapon -a vgcfgbackup </pre> * recreate initrd image cd /boot mkinitrd -v -f `ls initrd*` `ls /lib/modules` * force fsck check and selinux relabeling of the new system touch /.autofsck /.autorelabel === You are done === exit reboot [[Category:Linux]] 14946a55dfeb1ec3a2e7165f3ba44c31b1d4adde 0 67 233 2009-02-11T20:32:37Z Vvc 1 Initial version wikitext text/x-wiki Add the following code to dump an array/variable <source lang="php"> ob_start(); var_dump($details); $var_dump_out = ob_get_contents(); ob_end_clean(); file_put_contents('/var/log/dump.log', $var_dump_out, FILE_APPEND); </source> 1958fc0defb1970e68a4bc7bc9a740878c6b1d71 0 69 240 2009-04-06T23:14:27Z Vvc 1 Initial page wikitext text/x-wiki ===Converting ext3 filesystem to ext4=== <pre> umount /dev/vg0/fs tune2fs -O extents,uninit_bg,dir_index /dev/vg0/fs fsck -pf /dev/vg0/fs </pre> e834424990385c05d8e09266e69188d8a11f5c28 0 72 247 246 2009-05-02T02:25:13Z Vvc 1 wikitext text/x-wiki '''~/.procmalrc''' <pre> SHELL=/bin/bash :0 hc * !^FROM_DAEMON * !^FROM_MAILER * !^X-Loop: autoreply * ^Subject:.* | (formail -rt -A"Precedence: junk"\ -A"X-Loop: autoreply" ; \ cat $HOME/autoreply.txt ) | $SENDMAIL -t </pre> cad82551d236309371ac8bdc78be66d9442c6e32 0 73 249 2009-05-09T13:09:11Z Vvc 1 Added page wikitext text/x-wiki Logging <pre> logging { category "default" { "debug"; }; category "general" { "debug"; }; category "database" { "debug"; }; category "security" { "debug"; }; category "config" { "debug"; }; category "resolver" { "debug"; }; category "xfer-in" { "debug"; }; category "xfer-out" { "debug"; }; category "notify" { "debug"; }; category "client" { "debug"; }; category "unmatched" { "debug"; }; category "network" { "debug"; }; category "update" { "debug"; }; category "queries" { "debug"; }; category "dispatch" { "debug"; }; category "dnssec" { "debug"; }; category "lame-servers" { "debug"; }; channel "debug" { file "/tmp/nameddbg" versions 2 size 50m; print-time yes; print-category yes; }; }; </pre> bc8cf751e85c61b5b8423f680c0ff287b601d179 4 32 250 119 2009-05-12T15:27:32Z Vvc 1 wikitext text/x-wiki Vadym Chepkov's Personal Wiki Use any information you find here on your own risk. 9f0267bf505dc1bd062977062e2b6d6c710ce6d2 4 33 251 120 2009-05-12T15:27:44Z Vvc 1 wikitext text/x-wiki Use any information you find here on your own risk. 40af8c9f329ba5d84ac1a55f0b3338d31a4ac89b 0 74 257 253 2009-07-03T12:48:58Z Vvc 1 enable local accounts wikitext text/x-wiki __NOTOC__ === Prerequisites === yum install ntp samba-winbind krb5-workstation authconfig === NTP === Make sure time is synchronized with the ADS controller. === authconfig === Run authconfig <pre> # authconfig --updateall --enablewinbind --enablelocauthorize --enablewinbindauth --smbsecurity=ads --smbrealm=DOMAIN.LAN \ --smbidmapuid=10000-20000 --smbidmapgid=10000-20000 --winbindseparator=/ --winbindtemplatehomedir=/home/%U \ --winbindtemplateshell=/bin/bash --enablewinbindusedefaultdomain --winbindjoin=Administrator </pre> === Verify domain membership === <pre> # wbinfo -u administrator guest krbtgt mobile user tmpl user tmpl power user tmpl administrator tmpl ... </pre> === Tune /etc/samba/smb.conf === Add these parameters: <pre> winbind cache time = 10 winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes obey pam restrictions = yes </pre> Restart winbind service winbind restart === Verify integration === <pre> # getent passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin ... administrator:*:10001:10000:Administrator:/home/administrator:/bin/bash guest:*:10002:10001:Guest:/home/guest:/bin/bash ... </pre> [[Category:Linux]] 52301b5882db43422428628968a9ed382ff98681 0 76 258 2009-07-09T15:15:06Z Dburdick 2 Created page with '=just a place for dennis to put crap= [[Using Squid As A Proxy]]' wikitext text/x-wiki =just a place for dennis to put crap= [[Using Squid As A Proxy]] 949ed110c56586039355fbe79f5ee30fae3a4504 0 77 269 268 2009-07-10T09:03:55Z Vvc 1 wikitext text/x-wiki =Overview= My nephew says "I can't reach some websites a work. How do I get around that". I thought about it for a moment and said to my self..."Who would know how to circumnavigate web commies???" The answer was "ask a former citizen of the USSR" :) I'm sure there are many ways, but Squid was easy to setup, and not only did do what I what I wanted, it also did things that were important that I didn't consider. I say it was '''easy''', but it was only easy when being directed by my friend and ex patriot of the Ukraine. Assuming you are using Redhat variant, here we go... Major steps: # [[#Install Squid|Install Squid]] # [[#Configure Squid|Configure Squid]] # [[#Add user|Add user]] # [[#Start Squid|Start Squid]] # [[#Configure Your Browser|Configure Your Browser]] Now every time you first start your browser, it will ask you for your super secret username and password. After that go to whatever URL you want. All the traffic from your browser will go to your proxy. Your proxy will be the host opening the URL you requested, so the web commies will just see a connection to your innocent little proxy :) Enjoy,<br> Dennis Burdick =Install Squid= This couldn't be easier. First lets find out what which version we should install. It should install the correct architecture, but I don't trust it. <pre> sudo -i yum search squid </pre> Make sure it matches your architecture. I am running 32 bit, so I want to see i386 architecture... <pre> yum -y install squid.i386 </pre> =Configure Squid= This is the hardest part, unless you have a Vadym sitting next to you. Here is what I did... * First allow port 3128 to pass through your firewall. * Enable authorization Find "auth_param basic program" in your squid.conf. Uncomment this line. You will want to change the directories. Here is what mine looks like.. <pre> auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid.passwd </pre> * Now let's add the ACL entries. Put this at after the auth_param line, or Vadym will call you a dork. (I know this from experience) I recommend in the section that starts with... <pre> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS </pre> <pre> acl my_users proxy_auth REQUIRED http_access allow my_users </pre> * Dance, because you are finished with the hard part. =Add user= Let's add a user using the apache tool <pre> htpasswd -c /etc/squid/squid.passwd <username> </pre> Of course replace <username> with the desired username. You will be prompted for your super secret password. =Start Squid= Simple enough.. <pre> service squid restart </pre> If you want it to start on reboot... <pre> chkconfig squid on </pre> =Configure Your Browser= This part obviously depends on your browser. This is how I did it in Firefox. * Go to "Tools", then "Options..." * Pick the "Advanced" Icon * Pick the "Network" tab. * Click on "Settings..." button * Choose radio button labeled "Manual proxy configuration:" * In the edit box labeled "HTTP Proxy:" enter the host name where squid is running. * In the edit box labeled "Port:" enter 3128 Hit the "Okay" buttons until you out of both modal dialog boxes. f18a969d9cb493728ef404faa19ba218e3d1c700 0 68 271 270 2009-07-21T19:00:24Z Vvc 1 wikitext text/x-wiki == Securing Tomcat Installation == This article will help you to make your ''existing'' Tomcat installation more secure. ===Disable all unnecessary connectors=== By default tomcat listens on several ports and it is possible to connect to the tomcat instance from the network. We will limit connectivity only from loopback interface (localhost only) and only through AJP connector. This is bare minimum '''server.xml''' that will do the job done: <pre> <Server> <GlobalNamingResources> <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" /> </GlobalNamingResources> <Service name="Catalina"> <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" /> <Engine name="Catalina" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" /> <Host name="localhost" appBase="webapps" /> </Engine> </Service> </Server> </pre> Now tomcat listens only on TCP port localhost:8009, can't be more secure from network point of view. It's also useless, since no one can connect to it from the outside. We need to provide a proxy agent who will listens on HTTP (TCP port 80) and HTTPS (TCP port 443) sockets, route requests to tomcat, get responses and send them back to the requester. We will use [http://httpd.apache.org/ apache server] to accomplish the task. ===Installing apache server=== We will use httpd version 2.2.11 (latest at this moment) since it has all required components (ssl, ajp) in the source tree. * Download source code * Extract it into current directory gunzip -c < httpd-2.2.11.tar.gz | tar xf - * Sanitize the environment unset LD_LIBRARY_PATH * Run configure script *: We will install apache server into /usr/local/apache. Here we assume [http://www.openssl.org OpenSSL kit] is installed in /usr/local/ssl and [http://www.zlib.net ZLib library] is installed as a system library. If not, --with-z and --with-ssl options need to be adjusted accordingly cd httpd-2.2.11 ./configure --prefix=/usr/local/apache --with-included-apr --enable-ssl --enable-mods-shared=all \ --with-ssl=/usr/local/ssl --enable-proxy --enable-proxy-ajp * Build and install apache make && make install ===Create SSL certificate for HTTPS connections=== * Generate SSL key '''server.key''' cd /usr/local/apache/conf touch server.key chmod 600 server.key openssl genrsa -out server.key 2048 * Create openssl config file '''server-ssl.config''', here we assume server name is vvc.homeunix.net. Update all the fields appropriately <pre> [ req ] default_bits = 2048 distinguished_name = req_dn default_md = sha1 req_extensions = cert_type prompt = no [ req_dn ] # country (2 letter code) C=US # State or Province Name (full name) ST=Virginia # Locality Name (eg. city) L=Leesburg # Organization (eg. company) O=VVC # Organizational Unit Name (eg. section) OU=Apache server # Common Name (*.example.com is also possible) CN=vvc.homeunix.net # E-mail contact emailAddress=vvc@chepkov.com [ cert_type ] keyUsage=digitalSignature,keyEncipherment extendedKeyUsage=serverAuth subjectAltName=DNS:vvc.homeunix.net </pre> * Generate certificate request '''server.req''' openssl req -new -key server.key -out server.req -config server-ssl.config * Obtain server certificate. Save it in server.crt ===Create apache configuration=== Here is the bare minimum '''httpd.conf''' that should provide you with all the functions outlined before <pre> ServerRoot "/usr/local/apache" Listen 80 Listen 443 LoadModule authz_host_module modules/mod_authz_host.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule ssl_module modules/mod_ssl.so LoadModule mime_module modules/mod_mime.so LoadModule dir_module modules/mod_dir.so LoadModule log_config_module modules/mod_log_config.so User www Group www ServerAdmin vvc@chepkov.com DocumentRoot "/usr/local/apache/htdocs" <Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all </Directory> LogLevel warn LogFormat "%h %l %u %t \"%r\" %>s %b" common CustomLog logs/access_log common ErrorLog logs/error_log DefaultType text/plain TypesConfig conf/mime.types # A client will get this message in case tomcat server is down ErrorDocument 503 "The server is under maintenance" SSLRandomSeed startup builtin SSLRandomSeed connect builtin ProxyPass / ajp://localhost:8009/ SSLPassPhraseDialog builtin SSLSessionCache "shmcb:logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 SSLMutex "file:logs/ssl_mutex" <VirtualHost _default_:443> SSLEngine on SSLCipherSuite HIGH:!SSLv2:!ADH SSLProtocol all -SSLv2 SSLCertificateFile conf/server.crt SSLCertificateKeyFile conf/server.key BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 </VirtualHost> </pre> ===Start apache server=== /usr/local/apache/bin/apachectl start That's all. 0d64a675f2b0d75e8c536f775dd2c79e87feeb8f 0 78 295 294 2009-07-22T15:39:46Z Vvc 1 /* Install bootloader on second disk */ wikitext text/x-wiki === Partition new disk === <pre> [root@centos ~]# fdisk -l /dev/hda Disk /dev/hda: 20.0 GB, 20020396032 bytes 255 heads, 63 sectors/track, 2434 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/hda1 * 1 13 104391 83 Linux /dev/hda2 14 2434 19446682+ 8e Linux LVM [root@centos ~]# fdisk -l /dev/hdb Disk /dev/hdb: 40.0 GB, 40000000000 bytes 255 heads, 63 sectors/track, 4863 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System [root@centos ~]# cat /etc/fstab /dev/vg0/root / ext3 noatime 1 1 /dev/vg0/tmp /tmp ext2 noatime 1 2 /dev/vg0/home /home ext3 noatime 1 2 /dev/vg0/var /var ext3 noatime 1 2 /dev/vg0/usr /usr ext3 noatime 1 2 LABEL=/boot /boot ext2 noatime 1 2 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 /dev/vg0/swap swap swap defaults 0 0 [root@centos ~]# fdisk /dev/hdb The number of cylinders for this disk is set to 4863. There is nothing wrong with that, but this is larger than 1024, and could in certain setups cause problems with: 1) software that runs at boot time (e.g., old versions of LILO) 2) booting and partitioning software from other OSs (e.g., DOS FDISK, OS/2 FDISK) Command (m for help): n Command action e extended p primary partition (1-4) p Partition number (1-4): 1 First cylinder (1-4863, default 1): Using default value 1 Last cylinder or +size or +sizeM or +sizeK (1-4863, default 4863): 13 Command (m for help): t Selected partition 1 Hex code (type L to list codes): FD Changed system type of partition 1 to fd (Linux raid autodetect) Command (m for help): n Command action e extended p primary partition (1-4) p Partition number (1-4): 2 First cylinder (14-4863, default 14): Using default value 14 Last cylinder or +size or +sizeM or +sizeK (14-4863, default 4863): +512M Command (m for help): t Partition number (1-4): 2 Hex code (type L to list codes): 82 Changed system type of partition 2 to 82 (Linux swap / Solaris) Command (m for help): n Command action e extended p primary partition (1-4) p Partition number (1-4): 3 First cylinder (77-4863, default 77): Using default value 77 Last cylinder or +size or +sizeM or +sizeK (77-4863, default 4863): 2434 Command (m for help): t Partition number (1-4): 3 Hex code (type L to list codes): FD Changed system type of partition 3 to fd (Linux raid autodetect) Command (m for help): p Disk /dev/hdb: 40.0 GB, 40000000000 bytes 255 heads, 63 sectors/track, 4863 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/hdb1 1 13 104391 fd Linux raid autodetect /dev/hdb2 14 76 506047+ 82 Linux swap / Solaris /dev/hdb3 77 2434 18940635 fd Linux raid autodetect Command (m for help): w The partition table has been altered! Calling ioctl() to re-read partition table. Syncing disks. </pre> The new disk was larger, partition sizes were calculated based on old disk size. === Switch to new swap partition === :Note: You have to make a decision what is more important to you. If you want your system to continue to run in case of a hard disk failure, you need to go with 'swap on raid ' approach: don't create separate swap partitions, but instead create a swap logical volume in the new volume group. If performance is more important, then you split your swap between two disks and create separate swap partitions on each disk, as I did in this document. <pre> [root@centos ~]# mkswap -L swapb /dev/hdb2 Setting up swapspace version 1, size = 518184 kB LABEL=swapb, no uuid [root@centos ~]# swapon /dev/hdb2 [root@centos ~]# swapoff /dev/vg0/swap </pre> === Install required packages === yum -y install mdadm dump === Create degraded RAID arrays === <pre> [root@centos ~]# mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/hdb1 missing mdadm: array /dev/md0 started. [root@centos ~]# mdadm --create /dev/md1 --level=1 --raid-devices=2 /dev/hdb3 missing mdadm: array /dev/md1 started. [root@centos ~]# mdadm --examine --scan > /etc/mdadm.conf </pre> === Create new volume group === <pre> [root@centos ~]# pvcreate /dev/md1 Physical volume "/dev/md1" successfully created [root@centos ~]# vgcreate -s 32M vg1 /dev/md1 Volume group "vg1" successfully created [root@centos ~]# lvcreate --size 512M --name root vg1 Logical volume "root" created [root@centos ~]# lvcreate --size 4G --name usr vg1 Logical volume "usr" created [root@centos ~]# lvcreate --size 1G --name var vg1 Logical volume "var" created [root@centos ~]# lvcreate --size 1G --name home vg1 Logical volume "home" created [root@centos ~]# lvcreate --size 256M --name tmp vg1 Logical volume "tmp" created </pre> === Format new filesystems === mkfs -j /dev/vg1/root mkfs -j /dev/vg1/usr mkfs -j /dev/vg1/var mkfs -j /dev/vg1/home mkfs /dev/vg1/tmp mkfs /dev/md0 === Shutdown all services === Keep sshd running, stop the rest service crond stop service syslog stop ... === Mount/transfer root volume === <pre> mount -t ext3 /dev/vg1/root /mnt/ cd /mnt/ dump -0 -f - /dev/vg0/root | restore -r -f - rm restoresymtable </pre> === Mount/transfer remaining volumes === <pre> mount -t ext3 /dev/vg1/usr /mnt/usr/ mount -t ext3 /dev/vg1/var /mnt/var/ mount -t ext3 /dev/vg1/home /mnt/home/ mount -t ext2 /dev/vg1/tmp /mnt/tmp/ chmod 1777 /mnt/tmp mount -t ext2 /dev/md0 /mnt/boot/ cd /mnt/usr dump -0 -f - /dev/vg0/usr | restore -r -f - rm restoresymtable cd /mnt/var dump -0 -f - /dev/vg0/var | restore -r -f - rm restoresymtable cd /mnt/home dump -0 -f - /dev/vg0/home | restore -r -f - rm restoresymtable cd /mnt/boot dump -0 -f - /dev/hda1 | restore -r -f - rm restoresymtable </pre> No need to dump/restore /tmp === chroot to new system === <pre> mkdir /mnt/dev/pts mount -t devpts devpts /mnt/dev/pts mount -t sysfs sysfs /mnt/sys mount -t proc proc /mnt/proc mkdir /mnt/dev/shm mount -t tmpfs tmpfs /mnt/dev/shm chroot /mnt start_udev </pre> === adjust /etc/fstab === <pre> [root@centos /]# cat /etc/fstab /dev/vg1/root / ext3 noatime 1 1 /dev/vg1/tmp /tmp ext2 noatime 1 2 /dev/vg1/home /home ext3 noatime 1 2 /dev/vg1/var /var ext3 noatime 1 2 /dev/vg1/usr /usr ext3 noatime 1 2 /dev/md0 /boot ext2 noatime 1 2 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 LABEL=swapb swap swap pri=1 0 0 </pre> === adjust /etc/grub.conf === <pre> default=1 timeout=5 #splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.18-128.2.1.el5) root (hd0,0) kernel /vmlinuz-2.6.18-128.2.1.el5 ro root=/dev/vg0/root initrd /initrd-2.6.18-128.2.1.el5.img title CentOS (2.6.18-128.2.1.el5) root (hd1,0) kernel /vmlinuz-2.6.18-128.2.1.el5 ro root=/dev/vg1/root initrd /initrd-2.6.18-128.2.1.el5.img </pre> === adjust /etc/mdadm.conf === <pre> DEVICE partitions MAILADDR root ARRAY /dev/md0 level=raid1 num-devices=2 UUID=8ca072a8:085c91c0:52eada7c:6cc0931c ARRAY /dev/md1 level=raid1 num-devices=2 UUID=898f5b3c:670dcb6c:d422cdf5:eddafb24 </pre> === recreate initrd image === <pre> cd /boot mkinitrd -f initrd-2.6.18-128.2.1.el5.img -v 2.6.18-128.2.1.el5 </pre> === copy new grub.conf to old disk === exit # from chroot cp /mnt/etc/grub.conf /etc/grub.conf === Update bootloader configuration === grub-install --recheck /dev/hda === reboot to new system on the raid === reboot === verify new installation === Make sure system is operational and everything is in order. Up to this step all changes made were non-destructive and you could boot your old system from the grub menu. === Delete old volume group === This step is not really necessary, you could have reformatted the first disk, but this OS-friendly approach. lvremove /dev/vg0/root lvremove /dev/vg0/usr lvremove /dev/vg0/var lvremove /dev/vg0/tmp lvremove /dev/vg0/swap vgremove vg0 pvremove /dev/hda2 === delete and create new partitions on the old disk === You the same commands as before <pre> [root@centos ~]# fdisk -l /dev/hda Disk /dev/hda: 20.0 GB, 20020396032 bytes 255 heads, 63 sectors/track, 2434 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/hda1 1 13 104391 fd Linux raid autodetect /dev/hda2 14 76 506047+ 82 Linux swap / Solaris /dev/hda3 77 2434 18940635 fd Linux raid autodetect </pre> === Add additional swap === <pre> mkswap -L swapa /dev/hda2 </pre> Add entry to /etc/fstab LABEL=swapa swap swap pri=1 0 0 === Add partitions to raid === mdadm --add /dev/md0 /dev/hda1 mdadm --add /dev/md1 /dev/hda3 wait until RAID fully synchronized: <pre> # watch cat /proc/mdstat Every 2.0s: cat /proc/mdstat Wed Jul 22 18:21:38 2009 Personalities : [raid1] md0 : active raid1 hda1[1] hdb1[0] 104320 blocks [2/2] [UU] md1 : active raid1 hda3[2] hdb3[0] 18940544 blocks [2/1] [U_] [=>...................] recovery = 7.3% (1398400/18940544) finish=11.3min speed=25826K/sec unused devices: <none> </pre> ===Adjust grub.conf === <pre> default=0 timeout=5 hiddenmenu title CentOS (2.6.18-128.2.1.el5) root (hd0,0) kernel /vmlinuz-2.6.18-128.2.1.el5 ro root=/dev/vg1/root initrd /initrd-2.6.18-128.2.1.el5.img </pre> === Install bootloader on second disk === <pre> # grub grub> device (hd0) /dev/hdb grub> root (hd0,0) grub> setup (hd0) grub> quit </pre> === Final reboot === shutdown -r now '''Enjoy''' 3df80a039ec88e671f312ac3ed5e1f8a91027ca5 0 38 300 127 2009-08-04T21:36:25Z Vvc 1 wikitext text/x-wiki [[Sendmail Configuration]] [[Cleaning AIX fileset]] 23c212e6e2b2613917aa989a2182d381cb4b4cf4 0 83 316 2009-09-11T17:24:51Z Vvc 1 Created page with '[[Process Server Installation]]' wikitext text/x-wiki [[Process Server Installation]] 5037e20010c06ea1990eb3a59eda8c7b6449b2a0 0 82 317 315 2009-09-11T17:32:09Z Vvc 1 wikitext text/x-wiki ==Main Install Silent== Copy the install image to the host where you are running the installation. <pre> mkdir /var/tmp/wpsinstall cd /var/tmp/wpsinstall cp /mnt/ProcessServer_64bit_C1M4RML.gz . cp /mnt/ProcessServer.6.2.MainInstall.txt . gunzip ProcessServer_64bit_C1M4RML.gz tar -xvf ProcessServer_64bit_C1M4RML cd WBI ./install -options ../ProcessServer.6.2.MainInstall.txt -silent </pre> ==Apply Updates Silent== The procedure below can be used for any fix pack, or interim fix. <pre> cd /usr/IBM/UpdateInstaller/ cp /mnt/<file>.pak maintenance/ cp /mnt/ProcessServer.6.2.UpdateInstaller.txt responsefiles/ ./update.sh -options responsefiles/ProcessServer.6.2.UpdateInstaller.txt -silent </pre> ==Response files== [[media:ProcessServer.6.2.MainInstall.txt|ProcessServer.6.2.MainInstall.txt ]] [[media:ProcessServer.6.2.UpdateInstaller.txt|ProcessServer.6.2.UpdateInstaller.txt]] 53fb3723b711a7ac93b1532e9555e9d5ae555a76 6 84 318 2009-09-11T17:42:04Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 85 319 2009-09-11T17:42:13Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 86 321 2009-10-07T14:18:22Z Vvc 1 Perl trick wikitext text/x-wiki *Replace a field number 18 in multple files "in-place" for i in REG*D* REG*T* ; do perl -i -lane '$F[18]=500 if /rgmqrcx/;print "@F"' $i/rgconfig.ini ; done 037bdfd4b7806c8a2c9b4042a49d92766b8ce1be 0 87 324 323 2009-10-15T20:47:56Z Vvc 1 wikitext text/x-wiki select NODE_NAME, FILESPACE_NAME, date(BACKUP_START) from filespaces where BACKUP_START < (current_timestamp - (90)day) b16f220de2cf1e1d92af20bb1e7ffafa00cbdbf3 0 30 337 116 2009-11-21T21:10:55Z Vvc 1 wikitext text/x-wiki == Automatic server recovery with APCUPSD == * Setup BIOS to recover "LAST" power state * Make OS to halt on power loss :/etc/apcupsd/doshutdown <source lang="bash"> #!/bin/sh /sbin/shutdown -h -H now "apcupsd UPS ${1} initiated shutdown" exit 99 </source> * If UPS supports it, power-off UPS, so if power returns before battery is completely exhausted, UPS and the server will get restarted. : /sbin/halt.local <source lang="bash"> #!/bin/sh # See if this is a powerfail situation. if [ -f /etc/apcupsd/powerfail ]; then echo echo "APCUPSD will now power off the UPS" echo /etc/apcupsd/apccontrol killpower fi </source> bea5cc35656756321a443ea98968475445026bc4 0 79 367 366 2009-12-05T21:20:36Z Vvc 1 wikitext text/x-wiki === Configuration files === * /etc/hosts <pre> 127.0.0.1 localhost 10.10.10.20 c20.chepkov.lan c20 10.10.10.21 c21.chepkov.lan c21 </pre> * /etc/ha.d/ha.cf <pre> crm yes use_logd on udpport 694 bcast eth0 keepalive 1 warntime 5 deadtime 15 initdead 60 node c20.chepkov.lan node c21.chepkov.lan # Ping default host ping 10.10.10.250 respawn root /usr/lib64/heartbeat/pingd -m 200 -d 5 deadping 10 </pre> * /etc/ha.d/authkeys <pre> auth 1 1 sha1 3c2749538df51665ad8dfab76a6d90f7 </pre> chmod 0600 /etc/ha.d/authkeys * /var/lib/heartbeat/crm/cib.xml <source lang="xml"> <cib admin_epoch="0" num_updates="1" epoch="1" > <configuration> <crm_config/> <nodes/> <resources/> <constraints/> </configuration> </cib> </source> * /etc/logd.conf logfacility local2 * /etc/syslog.conf local2.* /var/log/heartbeat.log touch /var/log/heartbeat.log ===Initial configuration=== * crm_config crm_attribute --attr-name symmetric-cluster --attr-value true crm_attribute --attr-name default-resource-stickiness --attr-value 1000 crm_attribute --attr-name stonith-enabled --attr-value false * constraints <constraints> <rsc_location id="location_rg0" rsc="rg0"> <rule id="prefered_location_rg0" score="100"> <expression attribute="#uname" operation="eq" value="c20.chepkov.lan"/> </rule> </rsc_location> <rsc_location id="location_rg1" rsc="rg1"> <rule id="prefered_location_rg1" score="100"> <expression attribute="#uname" operation="eq" value="c21.chepkov.lan"/> </rule> </rsc_location> <rsc_location id="rg0-needs-ping" rsc="rg0"> <rule score="-INFINITY" boolean_op="or"> <expression attribute="pingd" operation="not_defined"/> <expression attribute="pingd" operation="lte" value="0"/> </rule> </rsc_location> <rsc_location id="rg1-needs-ping" rsc="rg1"> <rule score="-INFINITY" boolean_op="or"> <expression attribute="pingd" operation="not_defined"/> <expression attribute="pingd" operation="lte" value="0"/> </rule> </rsc_location> </constraints> </source> cibadmin -R -o constraints -x constraints.xml * resources <source lang="xml"> <resources> <group id="rg0"> <primitive id="ip_rg0" class="ocf" type="IPaddr2" provider="heartbeat"> <instance_attributes> <attributes> <nvpair name="ip" value="10.10.10.22"/> <nvpair name="nic" value="eth0"/> <nvpair name="cidr_netmask" value="255.255.255.255"/> </attributes> </instance_attributes> </primitive> <primitive id="drbd_u00" class="heartbeat" type="drbddisk" provider="heartbeat"> <instance_attributes> <attributes> <nvpair name="1" value="u00"/> </attributes> </instance_attributes> </primitive> <primitive id="fs_u00" class="ocf" type="Filesystem" provider="heartbeat"> <instance_attributes> <attributes> <nvpair name="device" value="/dev/drbd0"/> <nvpair name="directory" value="/u00"/> <nvpair name="fstype" value="ext3"/> <nvpair name="options" value="noatime"/> </attributes> </instance_attributes> </primitive> </group> </resources> </source> cibadmin -R -o resources -x resources.xml ===Heartbeat Cluster operations=== * check cluster status crm_mon -1 -r * Migrate Resource group to specific node without creating constraint crm_resource -M -f -Q -r rg0 -H c20.chepkov.lan Wait until resource will be migrated, then crm_resource -U -r rg0 * Mark resource unmanageable by cluster crm_resource -p is_managed -r apache_svn -t primitive -v off * Stop resource crm_resource --meta -r rg0 -p target_role -v stopped * Remove stopped role crm_resource --meta -r rg0 -d target_role 5a5ea36e8b3f5806f2150e9734cb5d0854caac97 0 81 374 312 2009-12-09T01:17:34Z Vvc 1 wikitext text/x-wiki * Install required packages yum install openldap-servers openldap-clients nss_ldap * generate admin user password <pre> [root@centos64 ~]# slappasswd New password: Re-enter new password: {SSHA}KaqRGp1hT8E8s6pqdtyAamWxXxVRODZ9 </pre> * update '''/etc/openldap/slapd.conf''' <pre> database bdb suffix "dc=chepkov,dc=lan" rootdn "cn=root,dc=chepkov,dc=lan" rootpw {SSHA}KaqRGp1hT8E8s6pqdtyAamWxXxVRODZ9 access to attrs="userPassword" by anonymous auth by self write by * none access to * by users read by * none </pre> * copy DB_CONFIG in place <pre> cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG chown ldap:ldap /var/lib/ldap/DB_CONFIG </pre> * start ldap server chkconfig ldap on service ldap start * edit '''/usr/share/openldap/migration/migrate_common.ph''' <pre> $DEFAULT_MAIL_DOMAIN = "chepkov.lan"; $DEFAULT_BASE = "dc=chepkov,dc=lan"; </pre> * populate basic entries /usr/share/openldap/migration/migrate_base.pl |ldapadd -x -D "cn=root,dc=chepkov,dc=lan" -W * create a user template from root user grep ^root /etc/passwd | /usr/share/openldap/migration/migrate_passwd.pl - > /tmp/testuser.ldiff * edit '''/tmp/testuser.ldiff''': <pre> dn: uid=testuser,ou=People,dc=chepkov,dc=lan uid: testuser cn: testuser objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword: {crypt}$1$33w5rgPO$bd.N.h6yMRiiCPvRLAJPV. shadowLastChange: 14481 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 1000 gidNumber: 100 homeDirectory: /home/testuser gecos: Test User </pre> * Add testuser ldapadd -x -D "cn=root,dc=chepkov,dc=lan" -W -f /tmp/testuser.ldiff * enable pam_ldap authconfig --update --enableldap --enableldapauth --ldapserver="centos64.chepkov.lan" \ --ldapbasedn="dc=chepkov,dc=lan" --enablelocauthorize --enablemkhomedir * update /etc/ldap.conf <pre> # The distinguished name to bind to the server with # if the effective user ID is root. Password is # stored in /etc/ldap.secret (mode 600) rootbinddn cn=root,dc=chepkov,dc=lan </pre> * Now you can change testuser password using regular passwd utility passwd testuser * and login as testuser <pre> [root@centos64 migration]# ssh testuser@localhost testuser@localhost's password: Creating directory '/home/testuser'. [testuser@centos64 ~]$ id uid=1000(testuser) gid=100(users) groups=100(users) </pre> * Enjoy 7cfac926858957b4f5d1459ecd52036685575b30 0 91 394 393 2010-04-01T16:13:46Z Vvc 1 wikitext text/x-wiki '''On both members of the cluster''' * /etc/modprobe.conf options drbd disable_sendpage=1 * /etc/lvm/lvm.conf filter = [ "r|/dev/cdrom|", "r|/dev/drbd.*|" ] * create logical volume lvcreate --size 320G --name vsvn vg1 * /etc/drbd.conf Make sure device name and port numbers are unique <pre> resource vsvn { net { allow-two-primaries; } on xen-11.dev.videonext.net { device /dev/drbd2; disk /dev/vg1/vsvn; address 10.0.0.1:7787; flexible-meta-disk internal; } on xen-12.dev.videonext.net { device /dev/drbd2; disk /dev/vg1/vsvn; address 10.0.0.2:7787; flexible-meta-disk internal; } } </pre> * Create drbd device drbdadm create-md vsvn * Bring it up drbdadm up vsvn * Make sure resource is in ''Connected'' state <pre> # cat /proc/drbd 2: cs:Connected ro:Secondary/Secondary ds:Inconsistent/Inconsistent C r---- ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:335534044 </pre> * initialize meta-data (run this command on one of the servers) drbdadm -- --clear-bitmap new-current-uuid vsvn * Make sure resource is ''UpToDate'' <pre> # cat /proc/drbd 2: cs:Connected ro:Secondary/Secondary ds:UpToDate/UpToDate C r---- ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:0 </pre> * Make resource is primary on one of the host, where you intend to run installation process drbdadm primary vsvn * install VM, for example <pre> virt-install --name vsvn --ram=512 --vcpus=1 -p --disk=path=/dev/drbd/by-res/vsvn \ --nographics --location=http://ftp.videonext.net/private/CentOS/5.4/x86_64/os \ --extra-args="noipv6 headless clocksource=jiffies dhcpclass=intserver ks=http://noc.videonext.net/cfg/vsvn.cfg" </pre> * After installation complete Make sure you have copies of you new initrd and vmlinuz in /xen/, they can be shared between different VM, but proper kernel version number needs to be installed in VM as well, if not just scp /boot/initrd* and /boot/vmlinuz* from VM to xen-11:/xen/ * Shutdown VM xm shutdown vsvn * Create configuration file xen-11, it will be propagated to xen-12 via rsync automatically cp /etc/xen/vsvn /xen/vsvn.cfg vi /xen/vsvn.cfg replace bootloader with kernel,ramdisk,extra; modify disk definition to use drbd block device cat /xen/vsvn.cfg <pre> name = "vsvn" uuid = "73ff1420-cc5e-ebfc-9046-b25e5e6b5b6f" maxmem = 512 memory = 512 vcpus = 1 kernel = "/xen/vmlinuz-2.6.18-164.15.1.el5xen" ramdisk = "/xen/initrd-2.6.18-164.15.1.el5xen.img" extra = "ro root=/dev/xvda1 console=xvc0" on_poweroff = "destroy" on_reboot = "restart" on_crash = "restart" disk = [ "drbd:vsvn,xvda,w" ] vif = [ "mac=00:16:36:4e:40:e1,bridge=xenbr0,script=vif-bridge" ] </pre> * make sure xen relocation is enabled <pre> grep ^\(xend-relocation /etc/xen/xend-config.sxp (xend-relocation-server yes) (xend-relocation-port 8002) (xend-relocation-address '') (xend-relocation-hosts-allow '') </pre> * create Pacemaker resource <pre> crm configure primitive xen_vsvn ocf:heartbeat:Xen \ params xmfile="/xen/vsvn.cfg" \ op start interval="0" timeout="60" \ op stop interval="0" timeout="300" \ op monitor start-delay="120" interval="60" timeout="30" \ meta allow-migrate="true" </pre> * Enjoy # crm resource show xen_vsvn resource xen_vsvn is running on: xen-12.dev.videonext.net 5ae62d63faed97831c8f724ba4201b1f2b0a0132 0 75 396 395 2010-04-04T12:40:55Z Vvc 1 wikitext text/x-wiki ===Installing grub on RAID1 === <pre> # /etc/fstab /dev/md0 /boot ext2 noatime 1 2 </pre> <pre> cat /proc/mdstat Personalities : [raid1] [raid6] [raid5] [raid4] md0 : active raid1 sda1[0] sdb1[1] 62848 blocks [2/2] [UU] </pre> :Install grub on the first disk <pre> grub-install /dev/sda </pre> :Install grub on the second disk <pre> # grub grub> device (hd0) /dev/sdb grub> root (hd0,0) grub> setup (hd0) </pre> Make sure md device stays synchronized <pre> echo repair >/sys/block/md0/md/sync_action echo check >/sys/block/md0/md/sync_action cat /sys/block/md0/md/mismatch_cnt </pre> 846357f2ce203382e92c68eefe86d4bf02900c27 6 92 398 2010-04-04T13:45:20Z Vvc 1 Powered by Centos wikitext text/x-wiki Powered by Centos 1389ba91742e6333227a4e167f18807d5c7fba4c 0 23 400 385 2010-04-05T14:32:00Z Vvc 1 added slashes wikitext text/x-wiki * project.max-sem-ids: Maximum semaphore IDs for a project. Replaces semmni * process.max-sem-nsems: Maximum number of semaphores allowed per semaphore set. Replaces semmsl * process.max-sem-ops: Maximum number of semaphore operations allowed per semop. Replaces semopm * project.max-shm-memory: Maximum allowable shared memory segment size. Replaces shmmax * project.max-shm-ids: Maximum allowable number of shared memory segments. Replaces shmmni <pre> prctl -n project.max-sem-ids $$ prctl -n process.max-sem-nsems $$ prctl -n process.max-sem-ops $$ </pre> ===Recommended Settings for IBM MQ Series users=== <pre> projadd -c "WebSphere MQ default settings" \ -K "process.max-file-descriptor=(basic,10000,deny)" \ -K "project.max-shm-memory=(priv,8GB,deny)" \ -K "project.max-shm-ids=(priv,1024,deny)" \ -K "process.max-sem-nsems=(priv,4096,deny)" \ -K "process.max-sem-ops=(priv,4096,deny)" \ -K "project.max-sem-ids=(priv,1024,deny)" mqm usermod -K project=mqm username </pre> f07450f2a6d20bb2253f9144e667618631a711bf 14 93 409 2010-04-08T04:47:18Z Vvc 1 Created page with 'High Availability Solutions' wikitext text/x-wiki High Availability Solutions 2a194f24b03f9f3775383ca1a1ae1db507632c51 0 94 424 2010-05-16T22:55:04Z Vvc 1 Persistent device name wikitext text/x-wiki ===Persistent device name in Linux=== Sometimes it's necessary to have a persistent device name, in case block device name changes, for [[DRBD]] for instance. Lets say we need always be able to refer to a particular partition of a particular ATA disk. <br> Since it can be /dev/hda, /dev/sda or /dev/sdb we can't rely on this name to stay permanent.<br> To solve this create a following udev rule in '''/etc/udev/rules.d/local.rules''' KERNEL=="sd*[0-9]", PROGRAM=="/lib/udev/ata_id /dev/%b", RESULT=="ST3750640AS_3QD13TE9", SYMLINK+="diskB%n" RESULT is a unique string returned by /lib/udev/ata_id /dev/sdb, for example <pre> # start_udev # ls -l /dev/diskB* lrwxrwxrwx 1 root root 4 May 16 22:31 /dev/diskB1 -> sdb1 lrwxrwxrwx 1 root root 4 May 16 22:31 /dev/diskB2 -> sdb2 </pre> Now you can use '''/dev/diskB1''' in drbd.conf reliably. [[Category:Linux]] 776552cc67c7ec79d3a3d63a9114c3d8cb10311b 14 96 435 2010-06-04T19:44:06Z Vvc 1 Created page with 'DRBD (http://www.drbd.org/) related articles' wikitext text/x-wiki DRBD (http://www.drbd.org/) related articles dfb97b866545eacdc87314589de35347387124e1 0 95 438 434 2010-06-05T01:58:42Z Vvc 1 wikitext text/x-wiki [[Category:DRBD]] How to build kernel, DRBD on PPC64 platform * kernel ** set '''CONFIG_PPC_64K_PAGES=n''' in kernel-2.6.18-ppc64.config ** comment out path '''Patch23256: linux-2.6-ppc64-subpage-protection-for-pave.patch''' in kernel-2.6.spec ** '''%define buildid .vvc''' in kernel-2.6.spec ** compile: setarch ppc64 rpmbuild -ba --target ppc64 --with baseonly --without kabichk --without debuginfo kernel-2.6.spec ecf6af0485b1ccadb72def418e47bb8b2c9dc889 0 97 444 443 2010-06-06T15:13:25Z Vvc 1 /* Setup initiator */ wikitext text/x-wiki =iSCSI setup= __NOTITLE__ == Setup a target == * install packages yum install scsi-target-utils * add targets and allowed hosts to the config file '''/etc/tgt/targets.conf''' <pre> default-driver iscsi <target iqn.2010-05.lan.chepkov:centos> backing-store /dev/centos/target1 backing-store /dev/centos/target2 vendor_id VVC initiator-address 10.10.10.19 initiator-address 10.10.10.20 initiator-address 10.10.10.21 </target> </pre> * enable and start the service chkconfig tgtd on service tgtd start == Setup an initiator == * install packages yum install iscsi-initiator-utils * create udev rules to get persistent names '''/etc/udev/rules.d/local.rules''' <pre> KERNEL=="sd*[a-z]", BUS=="scsi", SYSFS{vendor}=="VVC", PROGRAM="/etc/udev/scripts/iscsidev.sh %b",SYMLINK+="iscsi/%c{1}/lun%c{2}/disk" KERNEL=="sd*[0-9]", BUS=="scsi", SYSFS{vendor}=="VVC", PROGRAM="/etc/udev/scripts/iscsidev.sh %b",SYMLINK+="iscsi/%c{1}/lun%c{2}/part%n" </pre> '''/etc/udev/scripts/iscsidev.sh''' <source lang="bash"> #!/bin/sh BUS=${1} HOST=${BUS%%:*} LUN=`echo ${BUS} | cut -d":" -f4` [ -e /sys/class/iscsi_host ] || exit 1 file="/sys/class/iscsi_host/host${HOST}/device/session*/iscsi_session*/targetname" target_name=$(cat ${file} | cut -d":" -f2 | sed 's/\./_/') logger "iscsidev called with $1 and returned ${target_name} ${LUN}" echo "${target_name} ${LUN}" </source> * start iscsid and discover the targets service iscsid start iscsiadm -m discovery -t sendtargets -p 10.10.10.55 * enable and start service chkconfig iscsi on service iscsi off * check it out <pre> # ls -lR /dev/iscsi/ /dev/iscsi/: total 0 drwxr-xr-x 4 root root 80 Jun 6 13:56 centos /dev/iscsi/centos: total 0 drwxr-xr-x 2 root root 80 Jun 6 13:58 lun1 drwxr-xr-x 2 root root 80 Jun 6 13:58 lun2 /dev/iscsi/centos/lun1: total 0 lrwxrwxrwx 1 root root 12 Jun 6 13:56 disk -> ../../../sda lrwxrwxrwx 1 root root 13 Jun 6 13:58 part1 -> ../../../sda1 /dev/iscsi/centos/lun2: total 0 lrwxrwxrwx 1 root root 12 Jun 6 13:56 disk -> ../../../sdb lrwxrwxrwx 1 root root 13 Jun 6 13:58 part1 -> ../../../sdb1 </pre> 609ef74bbb98cdf28a3f1709d2bdc717c15bf54b 0 3 449 322 2010-07-02T01:08:47Z Vvc 1 wikitext text/x-wiki [[inetd HTTP server]] [[patch]] [[Spamassassin watchdog]] [[OpenSSH tunnels]] [[PHP Debug]] [[Secure Tomcat]] [[procmail auto-reply]] [[Bind]] [[Perl]] [[TSM]] [[DRAC]] 67a7d690c2ad7721e9d65f04d6a5482fb3dac438 490 449 2012-07-26T19:12:42Z Vvc 1 wikitext text/x-wiki [[inetd HTTP server]] [[patch]] [[Spamassassin watchdog]] [[OpenSSH tunnels]] [[PHP Debug]] [[Secure Tomcat]] [[procmail auto-reply]] [[Bind]] [[Perl]] [[TSM]] [[DRAC]] [[mod_nss]] 2879cf3f4183484a9d67cb86bbe7150a237b206a 491 490 2012-07-26T19:14:49Z Vvc 1 wikitext text/x-wiki [[inetd HTTP server]] [[patch]] [[Spamassassin watchdog]] [[OpenSSH tunnels]] [[PHP Debug]] [[Secure Tomcat]] [[procmail auto-reply]] [[Bind]] [[Perl]] [[TSM]] [[DRAC]] [[mod__nss]] 930a8d18e78b4cac20145b9e2a79c51dc474714e 492 491 2012-07-26T19:15:08Z Vvc 1 wikitext text/x-wiki [[inetd HTTP server]] [[patch]] [[Spamassassin watchdog]] [[OpenSSH tunnels]] [[PHP Debug]] [[Secure Tomcat]] [[procmail auto-reply]] [[Bind]] [[Perl]] [[TSM]] [[DRAC]] [[mod_nss|mod__nss]] ac735b6a84792e4b47a2a689abff675787626d2d 493 492 2012-07-26T19:15:19Z Vvc 1 wikitext text/x-wiki [[inetd HTTP server]] [[patch]] [[Spamassassin watchdog]] [[OpenSSH tunnels]] [[PHP Debug]] [[Secure Tomcat]] [[procmail auto-reply]] [[Bind]] [[Perl]] [[TSM]] [[DRAC]] [[mod__nss|mod_nss]] 041873e93a6207cd721934d547095305e5561290 0 13 456 455 2010-07-16T17:15:01Z Dburdick 2 /* Create openssl config file */ wikitext text/x-wiki === Create openssl config file === Here is an example of server.cnf <pre> [ req ] default_bits = 2048 default_md = sha1 distinguished_name = req_dn req_extensions = cert_type prompt = no [ req_dn ] # country (2 letter code) C=US # State or Province Name (full name) ST=Missouri # Locality Name (eg. city) L=St. Louis # Organization (eg. company) O=IVK/VVC # Organizational Unit Name (eg. section) OU=VPS1 server # Common Name (*.example.com is also possible) CN=vps1.chepkov.com # E-mail contact emailAddress=root@ivk.com.au [ cert_type ] keyUsage=digitalSignature,keyEncipherment extendedKeyUsage=serverAuth subjectAltName=IP:209.20.74.232,DNS:vps1.chepkov.com,DNS:ivk.com.au </pre> *Note: Using a file like this with ''subjectAltName'' is the only way to generate a request that will result in a certificate that is valid for more than one ''name''. === Generate server private key === openssl genrsa -out server.key 2048 === Generate certificate request === openssl req -new -key server.key -out server.csr -config server.cnf Now you need to send your request to a certificate authority or if you have your own, sign the request (see [[Managing_Certificate_Authority#Signing_Certificate_Request|example]]) You will get server certificate server.crt [[Category:OpenSSL]] f0b5ee4d59ae5c328647f8b1b8863b140d123aeb 0 99 457 454 2010-07-16T19:25:11Z Vvc 1 wikitext text/x-wiki ===Block ssh brutal force attack === * /etc/modprobe.conf options ipt_recent ip_list_tot=200 ip_pkt_list_tot=15 ip_list_hash_size=0 * /etc/sysconfig/iptables <pre> *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :IN - [0:0] :blacklist - [0:0] :ssh - [0:0] -A INPUT -j IN -A FORWARD -j IN -A IN -i lo -j ACCEPT -A IN -p icmp --icmp-type any -j ACCEPT -A IN -m state --state INVALID -j DROP -A IN -m state --state ESTABLISHED,RELATED -j ACCEPT # SSH handler -A IN -m state --state NEW -m tcp -p tcp --syn --dport ssh -j ssh -A blacklist -m recent --name blacklist --set -j DROP -A ssh -m recent --update --name blacklist --seconds 600 --hitcount 1 -j DROP -A ssh -m recent --set --name sshcount -A ssh -m recent --rcheck --name sshcount --seconds 60 --hitcount 10 -j blacklist -A ssh -j ACCEPT # Other services -A IN -m state --state NEW -m tcp -p tcp --syn --dport http -j ACCEPT -A IN -j REJECT --reject-with icmp-host-prohibited COMMIT </pre> : Make sure ''ip_pkt_list_tot'' is big enough to fit ''hitcount'' This firewall configuration "blacklist"s any IP, which tries to establish an ssh connection more then 10 times in any given 60 seconds interval.<br> The IP will be blacklisted for 600 seconds, as long as no new packets arrived from this IP during this grace period, otherwise, the timer will be reset to 0 with each new packet. Observe your good work: watch cat /proc/net/ipt_recent/blacklist 6d50e0ee4c9e666ec8fff38d7d572cd14b81307e 0 101 463 462 2010-08-15T17:42:06Z Vvc 1 wikitext text/x-wiki DRBD requires a custom kernel on PPC platform * install standard SRPM rpmdev-setuptree rpm -i http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-194.11.1.el5.src.rpm * modify source files sed -i -e 's/^CONFIG_PPC_64K_PAGES.*/CONFIG_PPC_64K_PAGES=n/' ~/rpmbuild/SOURCES/kernel-2.6.18-ppc64.config sed -i -e 's/\(%patch23256 .*\)/#\1/' ~/rpmbuild/SPECS/kernel-2.6.spec sed -i -e 's/.*define buildid/%define buildid .vvc/' ~/rpmbuild/SPECS/kernel-2.6.spec * build kernel setarch ppc64 rpmbuild -ba --target ppc64 --with baseonly --without kabichk ~/rpmbuild/SPECS/kernel-2.6.spec [[Category:Linux]] [[Category:DRBD]] c873fedd5990c9beca6f669ea655b9e7d27adb10 0 80 464 301 2010-08-25T21:51:45Z Vvc 1 wikitext text/x-wiki ===Using Script=== <source lang="bash"> #!/bin/ksh # # # NAME: mqsi61_odmcleanup # # PURPOSE: To cleanup any remaining entries left in the AIX # ODM after uninstalling WMB v6.1 # # DISCLAIMER: Provided AS-IS # cleanup_odm () { echo "Deleting matching entries for $FILESET_PREFIX* from $ODMDIR" # Delete from history for i in `odmget -q "name like $FILESET_PREFIX*" lpp | grep lpp_id | awk '{ print $3 }'` do odmdelete -o history -q lpp_id=$i done # Delete from inventory for i in `odmget -q "name like $FILESET_PREFIX*" lpp | grep lpp_id | awk '{ print $3 }'` do odmdelete -o inventory -q lpp_id=$i done # Delete from vendor for i in `odmget -q "name like $FILESET_PREFIX*" lpp | grep lpp_id | awk '{ print $3 }'` do odmdelete -o vendor -q lpp_id=$i done # Delete from product odmdelete -o product -q "name like $FILESET_PREFIX*" # Delete from lpp odmdelete -o lpp -q "name like $FILESET_PREFIX*" } #-----------------End of functions-------------------------- #-----------------Main Routine------------------------------ # Delete all entries with a name beginning "mqsi61" FILESET_PREFIX="mqsi61" # Delete entries from /usr/lib ODM database ODMDIR=/usr/lib/objrepos export ODMDIR cleanup_odm; # Delete entries from /etc ODM database ODMDIR=/etc/objrepos export ODMDIR cleanup_odm; #-----------------End of Main Routine----------------------- </source> ===Manually=== <pre> 1. Uninstall the product using the uninstaller. 2. Compile a list of GUIDs (or UIDs) for your product. These are referenced in the Key for each Product, Feature, and Component in your project. 3. For each GUID, determine if it is referenced in any of the five classes in the SWVPD: i) To search the lpp class run: ODMDIR=/usr/lib/objrepos odmget -q "name = GUID" lpp If the GUID is found, you will see output like the following: lpp: name = "Product GUID" size = 0 state = 5 cp_flag = 131345 group = "" magic_letter = "" ver = 1 rel = 1 mod = 0 fix = 0 description = "Description of Product" lpp_id = 1043 - Record the lpp_id associated with each GUID as shown in the output of this command. - For each entry found, run the following command to remove it: ODMDIR=/usr/lib/objrepos odmdelete -o lpp -q "name = Product GUID" To verify the entry was removed, rerun the command(there should be no output): ODMDIR=/usr/lib/objrepos odmget -q "name = GUID" lpp ii) To search the product class run: ODMDIR=/usr/lib/objrepos odmget -q "lpp_name = Product GUID" product If the GUID is found, you will see output like the following: product: lpp_name = "Product GUID" comp_id = "" update = 0 cp_flag = 131345 fesn = "" name = "Product GUID" state = 5 ver = 1 rel = 1 mod = 0 fix = 0 ptf = "" media = 0 sceded_by = "" fixinfo = "" prereq = "" description = "Description of Product" supersedes = "" - For each entry found, run the following command to remove it: ODMDIR=/usr/lib/objrepos odmdelete -o product -q "lpp_name = Product GUID" To verify the entry was removed, rerun the command(there should be no output): ODMDIR=/usr/lib/objrepos odmget -q "lpp_name = Product GUID" product iii)To search the vendor class run: ODMDIR=/usr/lib/objrepos odmget -q "GUID = Product GUID" vendor If the GUID is found, you will see output like the following: vendor: GUID = "Product GUID" ver = 1 rel = 1 mod = 0 fix = 0 type = 1 ddir = "install/directory" uninstaller = "location/of/uninstaller" msgcat = "" msgnumber = 0 msgset = 0 lpp_id = 1043 PGUID = "Parent GUID" time = 1023223295 instance = 1 description = "Description of Product" misc1 = "" misc2 = "" misc3 = "" Note that the lpp_id is also included in this record. - For each entry found, run the following command to remove it: ODMDIR=/usr/lib/objrepos odmdelete -o vendor -q "GUID = Product GUID" To verify the entry was removed, rerun the command(there should be no output): ODMDIR=/usr/lib/objrepos odmget -q "GUID = Product GUID" vendor iv) To search the history class, you must use the lpp_id (takes the place of id in the command shown here) that you got from either step i) or step iii) above. Run: ODMDIR=/usr/lib/objrepos odmget -q "lpp_id = id" history If the lpp_id is found, you will see output like the following: history: lpp_id = id event = 2 ver = 1 rel = 1 mod = 0 fix = 0 ptf = "" corr_svn = "" cp_mod = "" cp_fix = "" login_name = "" state = 1 time = 1023223295 comment = "" - For each entry found, run the following command to remove it: ODMDIR=/usr/lib/objrepos odmdelete -o history -q "lpp_id = id" To verify the entry was removed, rerun the command(there should be no output): ODMDIR=/usr/lib/objrepos odmget -q "lpp_id = id" history v) To search the inventory class, you must use the lpp_id (takes the place of id in the command shown here) that you got from either step i) or step iii) above. Note that only Components will have inventory entries (so you don't have to check lpp_id's for Products or Features)Run: ODMDIR=/usr/lib/objrepos odmget -q "lpp_id = id" inventory If the lpp_id is found, you will see output like the following: inventory: lpp_id = id private = 0 file_type = 0 format = 1 loc0 = "location/of/file/installed/with/component loc1 = "" loc2 = "" size = 779 checksum = 25483 Note: You will have an inventory entry for each file that is installed for a particular lpp_id associated with a component, so in most cases, you will see multiple entries after running this comand. To remove all entries for a particular lpp_id, run the command: ODMDIR=/usr/lib/objrepos odmdelete -o inventory -q "lpp_id = id" To verify the entry was removed, rerun the command(there should be no output): ODMDIR=/usr/lib/objrepos odmget -q "lpp_id = id" inventory 4. Finally, make sure that there are no entries for your product in the file /usr/lib/objrepos/vpd.properties. This is a plain ascii file. You can remove any lines that refer to your product simply by deleting them. </pre> b2bad3110a3688b452646ea5fd755739c73ae3f2 0 98 466 465 2010-10-16T22:23:59Z Vvc 1 wikitext text/x-wiki * Configure DRAC network parameters <pre> racadm getconfig -g cfgLanNetworking racadm config -g cfgLanNetworking -o cfgNicIpAddress 166.38.84.157 racadm config -g cfgLanNetworking -o cfgNicNetmask 255.255.255.128 racadm config -g cfgLanNetworking -o cfgNicGateway 166.38.84.254 racadm config -g cfgLanNetworking -o cfgDNSServer1 166.37.218.90 racadm config -g cfgLanNetworking -o cfgDNSServer2 166.33.193.132 racadm config -g cfgLanNetworking -o cfgDNSRacName ndceomp2b racadm config -g cfgLanNetworking -o cfgDNSDomainName vzbi.com racadm getconfig -g cfgLanNetworking </pre> * upload custom certificate <pre> racadm sslcertupload -t 2 -f CA.pem racadm sslkeyupload -t 1 -f ndceomp2b.key racadm sslcertupload -t 1 -f ndceomp2b.crt </pre> * user management <pre> racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminPassword 123456 racadm config -g cfgUserAdmin -i 10 -o cfgUserAdminUserName admin racadm config -g cfgUserAdmin -i 10 -o cfgUserAdminPassword password racadm config -g cfgUserAdmin -i 10 -o cfgUserAdminEnable 1 racadm config -g cfgUserAdmin -i 10 -o cfgUserAdminPrivilege 0x000000f9 racadm config -g cfgUserAdmin -i 10 -o cfgUserAdminIpmiLanPrivilege 4 </pre> 12abdc10537df65936672515adf40ac1fd05d60e 1 56 470 326 2010-10-18T15:16:55Z Vvc 1 wikitext text/x-wiki == Eat your heart out, AT&T == Something to write home about [[Image:FIOS_Speed_Test.png]] 84d650ca211638ca28451c2b9843b566e350f636 0 4 471 9 2010-11-05T19:02:36Z Vvc 1 wikitext text/x-wiki In case you need a place holder or redirector for http server it's easy to implement using the following: Add to /etc/inetd.conf (or similar) <pre> http stream tcp nowait nobody /usr/local/bin/tiny_httpd </pre> Now create the /usr/local/bin/tiny_httpd: <pre> #!/usr/bin/tail -n+2 HTTP/1.1 200 OK Server: Tail_Server/1.0 (Unix) Last-Modified: Sat, 15 Dec 2007 20:00:00 GMT Connection: close Content-Type: text/html <HTML> .... whatever message is required .... </HTML> </pre> 85a7690398f778c50fccc1065f5003e7f5e64d51 0 89 472 436 2011-01-07T03:10:47Z Vvc 1 wikitext text/x-wiki === Configuration === :/etc/mock/site-defaults.cfg config_opts['macros']['%vendor'] = 'Vadym Chepkov' config_opts['macros']['%packager'] = 'Vadym Chepkov <vvc@chepkov.com>' : /etc/mock/epel-5-x86_64.cfg <pre> [vvc] name=vvc baseurl=http://vvc.homeunix.net:8080/rpms/redhat/5/x86_64/ cost=500 </pre> : ~/.rpmmacros <pre> %_topdir %(echo $HOME)/rpmbuild %_smp_mflags -j3 %__arch_install_post /usr/lib/rpm/check-rpaths /usr/lib/rpm/check-buildroot %_gpg_name vvc@chepkov.com %vendor Vadym Chepkov %packager Vadym Chepkov <vvc@chepkov.com> </pre> ===Build drbd kernel module rpm=== <pre> mock -v -r epel-5-x86_64 --init mock -v -r epel-5-x86_64 --install kernel-xen kernel-devel mock -v -r epel-5-x86_64 --no-clean --define='kernelversion 2.6.18-194.3.1.el5xen' drbd-km-8.3.7-13.el5.src.rpm </pre> [[Category:Linux]] [[Category:DRBD]] 04ff57e91ce33e26bd0398b9382b545f88e4b172 0 104 479 478 2011-02-27T23:25:07Z Vvc 1 /* Alert Management */ wikitext text/x-wiki __NOTITLE__ =Dell OpenManage Server administrator= ===Changing user roles=== * modify file '''/opt/dell/srvadmin/etc/omarolemap''' <pre> vchepkov * Administrator </pre> ''For some reason, when ldap is used, group membership syntax does not work in OMSA 6.4'' * restart web connector service dsm_om_connsvc restart ===Alert Management=== This enable e-mails for hardware alerts in OMSA * Create a script to emit e-mails: '''/root/bin/sendalert''' <source lang="bash"> #!/bin/sh LIST=root@localhost HOST=`hostname` ALERT=$1 /bin/mail -s "Hardware Alert" $LIST <<M_S_G OMSA has detected alert $ALERT at $HOST M_S_G </source> * Create a file with events to monitor: '''events''' <pre> batterywarn batteryfail fanwarn fanfail hardwarelogwarn hardwarelogfull intrusion memprefail memfail systempowerwarn systempowerfail systempeakpower powersupply powersupplywarn processorwarn processorfail redundegrad redunlost tempwarn tempfail voltwarn voltfail watchdogasr storagesyswarn storagesysfail storagectrlwarn storagectrlfail pdiskwarn pdiskfail vdiskwarn vdiskfail enclosurewarn enclosurefail storagectrlbatterywarn storagectrlbatteryfail </pre> * Enable events monitoring: <source lang="bash"> for alert in `cat events` ; do echo $alert omconfig system alertaction event=$alert execappath="/root/bin/sendalert $alert" omconfig system alertaction event=$alert broadcast=true done </source> e1d1c579a99983930a522a091e4da8ee16b68cbc 0 71 480 308 2011-03-03T22:52:41Z Vvc 1 wikitext text/x-wiki *To enable time machine to recognize external hard drives defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1 *Detailed [http://safalra.com/other/time-machine-network-drive/ HOWTO] *Advanced settings [http://timesoftware.free.fr/timemachineeditor/ editor] 1e89f182a05337dd4f2f0db47a6b3d636fcc60a7 0 88 481 437 2011-04-19T03:45:13Z Vvc 1 wikitext text/x-wiki [[Category:DRBD]] * install modules yum install drbd83 kmod-drbd8-xen * adjust ethernet interface settings ''(opional)'' Some ethernet interfaces require this for drbd to work properly :/sbin/ifup-local <source lang="bash"> #!/bin/sh dev=$1 if [ ${dev}x = eth0x ] ; then /sbin/ethtool -K eth0 tx off fi </source> * create /etc/drbd.conf <pre> global { usage-count no; } common { protocol C; startup { wfc-timeout 15; } syncer { rate 50M; verify-alg sha1; } # Fencing only works with pacemaker disk { on-io-error detach; fencing resource-only; } net { after-sb-0pri discard-zero-changes; } handlers { split-brain "/usr/lib/drbd/notify-split-brain.sh root"; out-of-sync "/usr/lib/drbd/notify-out-of-sync.sh root"; fence-peer "/usr/lib/drbd/crm-fence-peer.sh"; after-resync-target "/usr/lib/drbd/crm-unfence-peer.sh"; } } resource u00 { on c20.chepkov.lan { device /dev/drbd0; disk /dev/xvda2; address 10.10.10.20:7789; flexible-meta-disk internal; } on c21.chepkov.lan { device /dev/drbd0; disk /dev/xvda2; address 10.10.10.21:7789; flexible-meta-disk internal; } } </pre> * zero partition dd if=/dev/zero of=/dev/xvda2 bs=1M count=1 sync * create device drbdadm create-md u00 * load driver modprobe -s drbd `drbdadm sh-mod-parms` * create device node drbdadm up u00 * create new array ** fast on clean disks drbdadm -- --clear-bitmap new-current-uuid u00 :* slow on disks used before drbdadm -- --overwrite-data-of-peer primary u00 * make it primary on one node drbdadm primary u00 * create filesystem mkfs -j /dev/drbd0 * update fs parameters tune2fs -e continue -i 0 -c 0 /dev/drbd0 [[Category:Linux]] [[Category:Cluster]] 15a5ba4167ddc8c27fd0faf31a31deda30b5da10 0 90 482 474 2011-04-23T18:27:21Z Vvc 1 /* Pacemaker management */ wikitext text/x-wiki __TOC__ Pacemaker [http://www.clusterlabs.org/rpm/epel-5 repository] === Cluster === {| border="1" cellpadding="5" cellspacing="0" | c20 || node ip || 10.10.10.20 |- | || crossover || 10.0.0.1 |- | c21 || node ip || 10.10.10.21 |- | || crossover || 10.0.0.2 |- | cl1 || virt ip|| 10.10.10.22 |- | /u00 || FS ||/dev/drbd/by-res/u00 |- | cl2 || virt ip || 10.10.10.23 |- | /u01 || FS || /dev/drbd/by-res/u01 |} ===Cluster stack=== You can use either Heartbeat or Corosync, make sure only one is enabled during startup I suggest to change default priorities for the corosync service sed -i -e 's/.*chkconfig:.*/# chkconfig: 345 99 00/' /etc/rc.d/init.d/corosync chkconfig corosync resetpriorities ==== Heartbeat ==== * /etc/ha.d/ha.cf <pre> # Logging debug 1 use_logd false logfacility daemon # Misc Options traditional_compression off compression bz2 coredumps true # Communications udpport 694 bcast eth1 eth0 node c20 node c21 # Thresholds (in seconds) keepalive 1 warntime 6 deadtime 10 initdead 30 pacemaker respawn </pre> * /etc/ha.d/authkeys <pre> auth 1 1 sha1 SecretCode </pre> * fix permissions chmod 400 /etc/ha.d/authkeys * populate heartbeat configuration to c21 [root@c21 ~]# rsync -av c20:/etc/ha.d/ /etc/ha.d/ * start heartbeat daemon on both nodes service heartbeat start ==== Corosync ==== * generate secure key corosync-keygen * create config file '''/etc/corosync/corosync.conf''' on c20 When you have multiple interfaces, separate port numbers by 2, corosync uses port N and N-1 <pre> compatibility: none aisexec { user: root group: root } service { name: pacemaker clustername: chepkov ver: 0 } totem { version: 2 token: 5000 token_retransmits_before_loss_const: 20 join: 1000 consensus: 11000 vsftype: none max_messages: 20 secauth: on threads: 0 clear_node_high_bit: yes rrp_mode: passive interface { ringnumber: 0 broadcast: yes bindnetaddr: 10.0.0.0 mcastport: 5405 } interface { ringnumber: 1 broadcast: yes bindnetaddr: 10.10.10.0 mcastport: 5407 } } logging { fileline: off to_stderr: no to_syslog: yes debug: off timestamp: on } amf { mode: disabled } </pre> * populate corosync configuration to c21 [root@c21 ~]# rsync -av c20:/etc/corosync/ /etc/corosync/ * start corosync daemon on both nodes service corosync start ==Pacemaker config == === Set default cluster options=== <pre> [root@c20 ~]# crm configure property no-quorum-policy=ignore property stonith-enabled=false property default-resource-stickiness=1000 property dc-deadtime=2min property default-action-timeout=120s property shutdown-escalation=5min property cluster-recheck-interval=10min property start-failure-is-fatal=false property pe-error-series-max=1000 property pe-input-series-max=1000 property pe-warn-series-max=1000 rsc_defaults failure-timeout=10min commit bye </pre> ===Configure drbd resources=== <pre> [root@c20 ~]# crm configure primitive drbd_u00 ocf:linbit:drbd params drbd_resource="u00" \ op start timeout="240" \ op monitor interval="59s" role="Master" timeout="30s" \ op monitor interval="60s" role="Slave" timeout="30s" primitive drbd_u01 ocf:linbit:drbd params drbd_resource="u01" \ op start timeout="240" \ op monitor interval="59s" role="Master" timeout="30s" \ op monitor interval="60s" role="Slave" timeout="30s" ms ms_drbd_u00 drbd_u00 \ meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true" ms ms_drbd_u01 drbd_u01 \ meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true" commit bye </pre> === Configure filesystems === <pre> [root@c20 ~]# crm configure primitive fs_u00 ocf:heartbeat:Filesystem \ params device="/dev/drbd/by-res/u00" directory="/u00" fstype="ext3" options="noatime" primitive fs_u01 ocf:heartbeat:Filesystem \ params device="/dev/drbd/by-res/u01" directory="/u01" fstype="ext3" options="noatime" colocation col_u00 inf: fs_u00 ms_drbd_u00:Master colocation col_u01 inf: fs_u01 ms_drbd_u01:Master order fs_after_drbd_u00 inf: ms_drbd_u00:promote fs_u00:start order fs_after_drbd_u01 inf: ms_drbd_u01:promote fs_u01:start commit bye </pre> ===Configure IP=== <pre> [root@c20 ~]# crm configure primitive ip_rg0 ocf:heartbeat:IPaddr2 params nic="eth0" ip="10.10.10.22" cidr_netmask="32" primitive ip_rg1 ocf:heartbeat:IPaddr2 params nic="eth0" ip="10.10.10.23" cidr_netmask="32" commit bye </pre> ===Configure apache=== <pre> [root@c20 ~]# crm configure primitive apache_rg0 ocf:heartbeat:apache \ params configfile="/u00/apache/conf/httpd.conf" \ statusurl="http://cl1.chepkov.lan/server-status" \ op monitor interval="2min" \ meta target-role="stopped" primitive apache_rg1 ocf:heartbeat:apache \ params configfile="/u01/apache/conf/httpd.conf" \ statusurl="http://cl2.chepkov.lan/server-status" \ op monitor interval="2min" \ meta target-role="stopped" commit bye </pre> ===Create groups of resources and their preferred location=== <pre> [root@c20 ~]# crm configure group rg0 fs_u00 ip_rg0 apache_rg0 group rg1 fs_u01 ip_rg1 apache_rg1 location rg0_on_c20 rg0 100: c20.chepkov.lan location rg1_on_c21 rg1 100: c21.chepkov.lan commit bye </pre> ===Start apache=== crm resource start apache_rg0 crm resource start apache_rg1 ===Define ping constraints=== We don't want to run any service if default router is unreachable. <pre> # crm configure primitive ping ocf:pacemaker:ping \ params name="pingd" host_list="10.10.10.250" multiplier="200" timeout="5" \ op monitor interval="10" clone connected ping \ meta globally-unique="false" location rg0-connected rg0 \ rule -inf: not_defined pingd or pingd lte 0 location rg1-connected rg1 \ rule -inf: not_defined pingd or pingd lte 0 commit bye </pre> ==Pacemaker management== * Stop all resources crm configure property stop-all-resources=true * increase number of lrmd children /usr/sbin/lrmadmin -p max-children 10 [[Category:Linux]] 2503fa5cd64c72dfe6169d8fc60a09dda299ba44 0 5 483 475 2011-09-06T01:58:18Z Vvc 1 wikitext text/x-wiki [[How to create RedHat Driver Disk]] [[Full XEN|Full virtualization using XEN]] [[DomU|Building Xen Guest Linux System (Detailed)]] [[DomU_Easy|Building Xen Guest Linux System (Easy)]] [[DomU filesystem|How to access DomU filesystem]] [[Limit su| Limit su - root to group wheel only]] [[APCUPSD]] [[Anaconda]] [[RSyslog|Using rsyslog]] [[Encrypt Fedora|How to encrypt existing Fedora installation]] [[Convert to RAID|How to convert live Linux installation to software RAID]] [[ext4|Convert to ext4 file system]] [[Grub]] [[Winbind|Integrating Linux with Windows ADS using Winbind]] [[DRBD]] [[Pacemaker]] [[XEN with live migration with Pacemaker and DRBD]] [[Heartbeat]] [http://alexis.m2osw.com/console.html Prevent console going blank] [[LDAP Authentication]] [[Mock]] [[Persistent device name]] [[IPTables]] [[Kernel PPC|Building Redhat Linux PPC kernel for DRBD]] [[OMSA|Dell OpenManage Server administrator]] [[iSCSI]] [[Category:Linux]] 7f27763fb38e471d5f358642915956c2dd0522ce 0 1 485 446 2012-01-24T02:11:27Z Vvc 1 wikitext text/x-wiki __NOTOC__ = VVC Wiki = This is my own personal wiki. I mostly keep it for my own use, to remind me how I did some tasks, but if you find something useful, enjoy it on your own risk. Vadym Chepkov NB: ''"Never try to teach a pig to sing; it wastes your time and annoys the pig."'' == HOWTOs == [[MacOS]] [[Oracle]] [[Linux]] [[Solaris]] [[AIX]] [[OpenSSL]] [[ Subversion]] [[Useful]] [[WAS| WebSphere Application Server]] [[FreeBSD]] == Miscellaneous == My certification authority ([http://www.chepkov.com/ca.html CA]) My RPM [http://www.chepkov.com/rpms/ repository] ---- <div style="text-align:right"> [[Image:Centos.png|link=http://www.centos.org|caption=CentOS]] </div> 6b93966ec9604a8e7d387be89bcbdb93d1bbd75d 0 105 486 2012-01-24T02:12:08Z Vvc 1 Created page with "[[FreeBSD 9 ACPI]]" wikitext text/x-wiki [[FreeBSD 9 ACPI]] 683f7c30d46f37de5bd795224bd231d966f93387 0 106 487 2012-01-24T02:14:28Z Vvc 1 Created page with "''/boot/loader.conf'' debug.acpi.disabled="hostres"" wikitext text/x-wiki ''/boot/loader.conf'' debug.acpi.disabled="hostres" 2680b8870adfb441ac74b3ec5a0992f8b10a4dbf 0 70 488 484 2012-04-21T13:28:40Z Vvc 1 wikitext text/x-wiki [[Time Machine]] * To show hidden files defaults write com.apple.finder AppleShowAllFiles TRUE killall Finder * To change Computer name scutil --set HostName servername.example.com scutil --set ComputerName servername scutil --set LocalHostName servername * To check what is preventing MacBook to go to sleep pmset -g assertions In my case it was a stuck job in a printer queue: Listed by owning process: pid 19: [0x0000012c00000013] PreventSystemSleep named: "org.cups.cupsd" f873f3cded2b20155b90d7c0012e3f4dacf3e7b5 0 107 489 2012-06-27T22:56:41Z Dburdick 2 Created page with "Dennis Burdick's Work page." wikitext text/x-wiki Dennis Burdick's Work page. 8b46c053a875cf89a0e0c1e6992162c383032d76 0 108 494 2012-07-26T19:32:46Z Vvc 1 Created page with "=== Configuring mod_nss on RHEL === <ol> <li>Create empty password</li> echo -e "\n" > /tmp/empty.txt <li>Import CA certificate from videoNEXT.crt file: </li> certutil -A -n..." wikitext text/x-wiki === Configuring mod_nss on RHEL === <ol> <li>Create empty password</li> echo -e "\n" > /tmp/empty.txt <li>Import CA certificate from videoNEXT.crt file: </li> certutil -A -n videoNEXT -t CT,CT,CT -f /tmp/empty.txt -a -i videoNEXT.crt -d /etc/httpd/alias </ol> c0bd9a72ec33ffb1c5001b22eb41c09799fbce7e 513 494 2012-10-11T20:44:13Z Vvc 1 wikitext text/x-wiki === Configuring mod_nss on RHEL === *generate private key (default is not long enough) openssl genrsa -out server.key 2048 *generate certificate request <pre> openssl req -new -key server.key -out server.csr Country Name (2 letter code) [GB]:US State or Province Name (full name) [Berkshire]:Virginia Locality Name (eg, city) [Newbury]:Chantilly Organization Name (eg, company) [My Company Ltd]:videoNEXT Network Solutions, Inc. Organizational Unit Name (eg, section) []:Demo Server Common Name (eg, your name or your server's hostname) []:demo-10.videonext.com Email Address []:root@videonext.net </pre> *send server.csr to Certificate Authority *after certificate is received, convert private key, certificate and CA into pkcs12 file caname and name are database labels for CA and server certificates, in our case videoNEXT and demo-10 openssl pkcs12 -export -chain -inkey server.key -caname videoNEXT -name demo-10 -in demo-10.crt -CAfile videoNEXT.crt -out demo-10.p12 *import pkcs12 into apache NSS database: pk12util -i demo-10.p12 -d /etc/httpd/alias *mark CA certificate as a trusted CA certutil -M -n videoNEXT -t CT,CT,CT -d /etc/httpd/alias *modify /etc/httpd/conf.d/nss.conf to use new certificate's label NSSNickname demo-10 *restart apache service httpd restart 68fa23851991f6884256305fa678205b1d2ad6ef 0 70 495 488 2012-09-10T18:07:45Z Vvc 1 X11 in Mac wikitext text/x-wiki [[Time Machine]] * To show hidden files defaults write com.apple.finder AppleShowAllFiles TRUE killall Finder * To change Computer name scutil --set HostName servername.example.com scutil --set ComputerName servername scutil --set LocalHostName servername * To check what is preventing MacBook to go to sleep pmset -g assertions In my case it was a stuck job in a printer queue: Listed by owning process: pid 19: [0x0000012c00000013] PreventSystemSleep named: "org.cups.cupsd" * To make Ctrl_L & ALT_L combination work in X11 <source lang="bash"> cat > ~/.Xmodmap << EOF clear Mod1 keycode 66 = Alt_L keycode 69 = Alt_R add Mod1 = Alt_L add Mod1 = Alt_R EOF </source> 45f18bc87ef8421432a5d9ef4b3624e3ff96ec7d 524 495 2013-04-10T11:03:31Z Vvc 1 wikitext text/x-wiki [[Time Machine]] * To show hidden files defaults write com.apple.finder AppleShowAllFiles TRUE killall Finder * To allow Remote disc feature on non-Air Macs defaults write com.apple.NetworkBrowser EnableODiskBrowsing -bool true defaults write com.apple.NetworkBrowser ODSSupported -bool true sudo reboot * To change Computer name scutil --set HostName servername.example.com scutil --set ComputerName servername scutil --set LocalHostName servername * To check what is preventing MacBook to go to sleep pmset -g assertions In my case it was a stuck job in a printer queue: Listed by owning process: pid 19: [0x0000012c00000013] PreventSystemSleep named: "org.cups.cupsd" * To make Ctrl_L & ALT_L combination work in X11 <source lang="bash"> cat > ~/.Xmodmap << EOF clear Mod1 keycode 66 = Alt_L keycode 69 = Alt_R add Mod1 = Alt_L add Mod1 = Alt_R EOF </source> e946e160c055d63923088b4c9ac77c9c6959f331 0 43 496 226 2012-09-11T12:54:29Z Vvc 1 wikitext text/x-wiki [http://fedoraproject.org/wiki/Anaconda/Kickstart Kickstart Configuration] [http://fedoraproject.org/wiki/Anaconda/Options Command Line Options] [[Fedora custom DVD]] [[Category:Linux]] 55d7e15976572522c83a380d5c71319c43d4a469 0 109 497 2012-09-11T12:59:24Z Vvc 1 Created page with "* Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['l..." wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> aedd3d8f7abed98d579b2987089ebc5e89ef7f84 498 497 2012-09-11T13:06:18Z Vvc 1 wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> * Initialise mock build environment (this might take awhile) mock -r ds --init mock -r ds install pungi spin-kickstarts f4f525a3a53470aa2f4b4bd33779416094a90332 499 498 2012-09-11T13:12:45Z Vvc 1 wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> * Initialise mock build environment mock -r ds --init mock -r ds install pungi spin-kickstarts * Use a kistart which you would use, but remove every section from it beside "@packages" Add your local repositories '''ds-build.cfg" <pre> # Add the repos you wish to use to compose here. At least one of them needs group data. repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name=fedora-source --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name="base" --baseurl=http://ftp.videonext.net/private/Fedora/16/i386/os --cost=1 repo --name="vnrpms" --baseurl=http://ftp.dev.videonext.net/ks/ds/vnrpms %packages --default tcsh kernel* dracut-* # grub-efi and grub2 and efibootmgr so anaconda can use the right one on install. grub-efi grub2 efibootmgr @base-x boost xorg-x11-fonts-Type1 compiz openssh-server qt qtwebkit fbset libva libva-utils libXv libXtst perl-libwww-perl ntp ntp-perl net-tools ds-sos ds-vmx gdb watchdog %end </pre> eb329628b09841bd259aba0a920d40d1ae211ed8 500 499 2012-09-11T13:13:19Z Vvc 1 wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> * Initialise mock build environment mock -r ds --init mock -r ds install pungi spin-kickstarts * Use a kistart which you would use, but remove every section from it beside "@packages" Add your local repositories '''ds-build.cfg"' <pre> # Add the repos you wish to use to compose here. At least one of them needs group data. repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name=fedora-source --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name="base" --baseurl=http://ftp.videonext.net/private/Fedora/16/i386/os --cost=1 repo --name="vnrpms" --baseurl=http://ftp.dev.videonext.net/ks/ds/vnrpms %packages --default tcsh kernel* dracut-* # grub-efi and grub2 and efibootmgr so anaconda can use the right one on install. grub-efi grub2 efibootmgr @base-x boost xorg-x11-fonts-Type1 compiz openssh-server qt qtwebkit fbset libva libva-utils libXv libXtst perl-libwww-perl ntp ntp-perl net-tools ds-sos ds-vmx gdb watchdog %end </pre> 9973f4482f8e4f475d0ebef50f4fe96826c31ecf 501 500 2012-09-11T13:13:57Z Vvc 1 wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> * Initialise mock build environment mock -r ds --init mock -r ds install pungi spin-kickstarts * Use a kistart which you would use, but remove every section from it beside "@packages" Add your local repositories '''ds-build.cfg''' <pre> # Add the repos you wish to use to compose here. At least one of them needs group data. repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name=fedora-source --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name="base" --baseurl=http://ftp.videonext.net/private/Fedora/16/i386/os --cost=1 repo --name="vnrpms" --baseurl=http://ftp.dev.videonext.net/ks/ds/vnrpms %packages --default tcsh kernel* dracut-* # grub-efi and grub2 and efibootmgr so anaconda can use the right one on install. grub-efi grub2 efibootmgr @base-x boost xorg-x11-fonts-Type1 compiz openssh-server qt qtwebkit fbset libva libva-utils libXv libXtst perl-libwww-perl ntp ntp-perl net-tools ds-sos ds-vmx gdb watchdog %end </pre> 81589ad9b9741ed6764c1f5f1dfb88ff96f5c176 502 501 2012-09-11T13:15:19Z Vvc 1 wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> * Initialise mock build environment mock -r ds --init mock -r ds install pungi spin-kickstarts * Use a kickstart which you would normally use, but remove every section from it beside "@packages" Add your local repositories '''ds-build.cfg''' <pre> # Add the repos you wish to use to compose here. At least one of them needs group data. repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name=fedora-source --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name="base" --baseurl=http://ftp.videonext.net/private/Fedora/16/i386/os --cost=1 repo --name="vnrpms" --baseurl=http://ftp.dev.videonext.net/ks/ds/vnrpms %packages --default tcsh kernel* dracut-* # grub-efi and grub2 and efibootmgr so anaconda can use the right one on install. grub-efi grub2 efibootmgr @base-x boost xorg-x11-fonts-Type1 compiz openssh-server qt qtwebkit fbset libva libva-utils libXv libXtst perl-libwww-perl ntp ntp-perl net-tools ds-sos ds-vmx gdb watchdog %end </pre> * Install the build config into mock environment mock -r ds --copyin ds-build.cfg /usr/share/spin-kickstarts/ 0216f8e0fa47198ec170fdfbc83657ac65969898 503 502 2012-09-11T13:17:40Z Vvc 1 wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> * Initialise mock build environment mock -r ds --init mock -r ds install pungi spin-kickstarts * Use a kickstart which you would normally use, but remove every section from it beside "@packages" Add your local repositories '''ds-build.cfg''' <pre> # Add the repos you wish to use to compose here. At least one of them needs group data. repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name=fedora-source --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name="base" --baseurl=http://ftp.videonext.net/private/Fedora/16/i386/os --cost=1 repo --name="vnrpms" --baseurl=http://ftp.dev.videonext.net/ks/ds/vnrpms %packages --default tcsh kernel* dracut-* # grub-efi and grub2 and efibootmgr so anaconda can use the right one on install. grub-efi grub2 efibootmgr @base-x boost xorg-x11-fonts-Type1 compiz openssh-server qt qtwebkit fbset libva libva-utils libXv libXtst perl-libwww-perl ntp ntp-perl net-tools ds-sos ds-vmx gdb watchdog %end </pre> * Install the build config into mock environment mock -r ds --copyin ds-build.cfg /usr/share/spin-kickstarts/ # Generate ISO tree mock -r ds --shell 'pungi --nosource --nodebuginfo -G -C -B --flavor Fedora --name DS --ver 16 -c /usr/share/spin-kickstarts/ds-build.cfg' 0f7e101898a1f522e163dec743817e9fcf2e99c4 504 503 2012-09-11T13:17:54Z Vvc 1 wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> * Initialise mock build environment mock -r ds --init mock -r ds install pungi spin-kickstarts * Use a kickstart which you would normally use, but remove every section from it beside "@packages" Add your local repositories '''ds-build.cfg''' <pre> # Add the repos you wish to use to compose here. At least one of them needs group data. repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name=fedora-source --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name="base" --baseurl=http://ftp.videonext.net/private/Fedora/16/i386/os --cost=1 repo --name="vnrpms" --baseurl=http://ftp.dev.videonext.net/ks/ds/vnrpms %packages --default tcsh kernel* dracut-* # grub-efi and grub2 and efibootmgr so anaconda can use the right one on install. grub-efi grub2 efibootmgr @base-x boost xorg-x11-fonts-Type1 compiz openssh-server qt qtwebkit fbset libva libva-utils libXv libXtst perl-libwww-perl ntp ntp-perl net-tools ds-sos ds-vmx gdb watchdog %end </pre> * Install the build config into mock environment mock -r ds --copyin ds-build.cfg /usr/share/spin-kickstarts/ * Generate ISO tree mock -r ds --shell 'pungi --nosource --nodebuginfo -G -C -B --flavor Fedora --name DS --ver 16 -c /usr/share/spin-kickstarts/ds-build.cfg' a73595405bed0357dc4dab11eb9ddf6af4adc3fe 505 504 2012-09-11T13:24:10Z Vvc 1 wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> * Initialise mock build environment mock -r ds --init mock -r ds install pungi spin-kickstarts * Use a kickstart which you would normally use, but remove every section from it beside "@packages" Add your local repositories '''ds-build.cfg''' <pre> # Add the repos you wish to use to compose here. At least one of them needs group data. repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name=fedora-source --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name="base" --baseurl=http://ftp.videonext.net/private/Fedora/16/i386/os --cost=1 repo --name="vnrpms" --baseurl=http://ftp.dev.videonext.net/ks/ds/vnrpms %packages --default tcsh kernel* dracut-* # grub-efi and grub2 and efibootmgr so anaconda can use the right one on install. grub-efi grub2 efibootmgr @base-x boost xorg-x11-fonts-Type1 compiz openssh-server qt qtwebkit fbset libva libva-utils libXv libXtst perl-libwww-perl ntp ntp-perl net-tools ds-sos ds-vmx gdb watchdog %end </pre> * Install the build config into mock environment mock -r ds --copyin ds-build.cfg /usr/share/spin-kickstarts/ * Generate ISO tree mock -r ds --shell 'pungi --nosource --nodebuginfo -G -C -B --flavor Fedora --name Fedora --ver 16 -c /usr/share/spin-kickstarts/ds-build.cfg' a0dacfdefbdbc7cf036a0a0f33cf853ddfbbe425 506 505 2012-09-11T14:06:46Z Vvc 1 wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> * Initialise mock build environment mock -r ds --init mock -r ds install pungi spin-kickstarts * Use a kickstart which you would normally use, but remove every section from it beside "@packages" Add your local repositories '''ds-build.cfg''' <pre> # Add the repos you wish to use to compose here. At least one of them needs group data. repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name=fedora-source --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name="base" --baseurl=http://ftp.videonext.net/private/Fedora/16/i386/os --cost=1 repo --name="vnrpms" --baseurl=http://ftp.dev.videonext.net/ks/ds/vnrpms %packages --default tcsh kernel* dracut-* # grub-efi and grub2 and efibootmgr so anaconda can use the right one on install. grub-efi grub2 efibootmgr @base-x boost xorg-x11-fonts-Type1 compiz openssh-server qt qtwebkit fbset libva libva-utils libXv libXtst perl-libwww-perl ntp ntp-perl net-tools ds-sos ds-vmx gdb watchdog %end </pre> * Install the build config into mock environment mock -r ds --copyin ds-build.cfg /usr/share/spin-kickstarts/ * Generate ISO tree mock -r ds --shell 'pungi --nosource --nodebuginfo -G -C -B --flavor Fedora --name Fedora --ver 16 -c /usr/share/spin-kickstarts/ds-build.cfg' * Copy customized version of messages and isolinux.cfg mock -r ds --copyin isolinux.cfg ds.msg /16/Fedora/i386/os/isolinux/ * Copy your kickstart mock -r ds --copyin ks.cfg /16/Fedora/i386/os/ 84c70a03044771bf6993f513281d65d39d59ef9e 507 506 2012-09-11T14:08:51Z Vvc 1 wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> * Initialise mock build environment mock -r ds --init mock -r ds install pungi spin-kickstarts * Use a kickstart which you would normally use, but remove every section from it beside "@packages" Add your local repositories '''ds-build.cfg''' <pre> # Add the repos you wish to use to compose here. At least one of them needs group data. repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name=fedora-source --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name="base" --baseurl=http://ftp.videonext.net/private/Fedora/16/i386/os --cost=1 repo --name="vnrpms" --baseurl=http://ftp.dev.videonext.net/ks/ds/vnrpms %packages --default tcsh kernel* dracut-* # grub-efi and grub2 and efibootmgr so anaconda can use the right one on install. grub-efi grub2 efibootmgr @base-x boost xorg-x11-fonts-Type1 compiz openssh-server qt qtwebkit fbset libva libva-utils libXv libXtst perl-libwww-perl ntp ntp-perl net-tools ds-sos ds-vmx gdb watchdog %end </pre> * Install the build config into mock environment mock -r ds --copyin ds-build.cfg /usr/share/spin-kickstarts/ * Generate ISO tree mock -r ds --shell 'pungi --nosource --nodebuginfo -G -C -B --flavor Fedora --name Fedora --ver 16 -c /usr/share/spin-kickstarts/ds-build.cfg' * Copy customized version of messages and isolinux.cfg mock -r ds --copyin isolinux.cfg ds.msg /16/Fedora/i386/os/isolinux/ * Copy your kickstart mock -r ds --copyin ks.cfg /16/Fedora/i386/os/ * Build the ISO mock -r ds --shell 'pungi --nosource --nodebuginfo -I --flavor Fedora --name Fedora --ver 16 -c /usr/share/spin-kickstarts/ds-build.cfg' * Enjoy 93e705e9ac9141b703ac7bd6bb46b32a025e1315 508 507 2012-09-14T18:36:31Z Vvc 1 wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> * Initialise mock build environment mock -r ds --init mock -r ds install pungi spin-kickstarts * Use a kickstart which you would normally use, but remove every section from it beside "@packages" Add your local repositories '''ds-build.cfg''' <pre> # Add the repos you wish to use to compose here. At least one of them needs group data. repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name=fedora-source --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name="base" --baseurl=http://ftp.videonext.net/private/Fedora/16/i386/os --cost=1 repo --name="vnrpms" --baseurl=http://ftp.dev.videonext.net/ks/ds/vnrpms %packages --default tcsh kernel* dracut-* # grub-efi and grub2 and efibootmgr so anaconda can use the right one on install. grub-efi grub2 efibootmgr @base-x boost xorg-x11-fonts-Type1 compiz openssh-server qt qtwebkit fbset libva libva-utils libXv libXtst perl-libwww-perl ntp ntp-perl net-tools ds-sos ds-vmx gdb watchdog %end </pre> * Install the build config into mock environment mock -r ds --copyin ds-build.cfg /usr/share/spin-kickstarts/ * Generate ISO tree mock -r ds --shell 'pungi --nosource --nodebuginfo -G -C -B --flavor Fedora --name Fedora --ver 16 -c /usr/share/spin-kickstarts/ds-build.cfg' * Copy customized version of messages and isolinux.cfg mock -r ds --copyin isolinux.cfg videonext.msg videonext.lss /16/Fedora/i386/os/isolinux/ * Copy your kickstart mock -r ds --copyin cdrom.cfg /16/Fedora/i386/os/ks.cfg * Build the ISO mock -r ds --shell 'pungi --nosource --nodebuginfo -I --flavor Fedora --name Fedora --ver 16 -c /usr/share/spin-kickstarts/ds-build.cfg' * Enjoy a734b25f9e422e01c6044dab9dec0b927aabc1a1 509 508 2012-09-14T19:14:51Z Vvc 1 wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> * Initialise mock build environment mock -r ds --init mock -r ds install pungi spin-kickstarts * Use a kickstart which you would normally use, but remove every section from it beside "@packages" Add your local repositories '''ds-build.cfg''' <pre> # Add the repos you wish to use to compose here. At least one of them needs group data. repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name=fedora-source --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name="base" --baseurl=http://ftp.videonext.net/private/Fedora/16/i386/os --cost=1 repo --name="vnrpms" --baseurl=http://ftp.dev.videonext.net/ks/ds/vnrpms %packages --default tcsh kernel* dracut-* # grub-efi and grub2 and efibootmgr so anaconda can use the right one on install. grub-efi grub2 efibootmgr @base-x boost xorg-x11-fonts-Type1 compiz openssh-server qt qtwebkit fbset libva libva-utils libXv libXtst perl-libwww-perl ntp ntp-perl net-tools ds-sos ds-vmx gdb watchdog %end </pre> * Install the build config into mock environment mock -r ds --copyin ds-build.cfg /usr/share/spin-kickstarts/ * Generate ISO tree mock -r ds --shell 'pungi --nosource --nodebuginfo -G -C -B --flavor Fedora --name Fedora --ver 16 -c /usr/share/spin-kickstarts/ds-build.cfg' * Copy customized version of messages and isolinux.cfg mock -r ds --copyin dvd-isolinux.cfg /16/Fedora/i386/os/isolinux/isolinux.cfg mock -r ds --copyin ds.msg videonext.lss /16/Fedora/i386/os/isolinux/ * Copy your kickstart mock -r ds --copyin cdrom.cfg /16/Fedora/i386/os/ks.cfg * Build the ISO mock -r ds --shell 'pungi --nosource --nodebuginfo -I --flavor Fedora --name Fedora --ver 16 -c /usr/share/spin-kickstarts/ds-build.cfg' * Enjoy ea7dada3e2c0222805beace652bcc16f796b934e 510 509 2012-09-18T20:46:51Z Vvc 1 wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> * Initialise mock build environment mock -r ds --init mock -r ds install pungi spin-kickstarts * Use a kickstart which you would normally use, but remove every section from it beside "@packages" Add your local repositories '''ds-build.cfg''' <pre> # Add the repos you wish to use to compose here. At least one of them needs group data. repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name=fedora-source --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name="base" --baseurl=http://ftp.videonext.net/private/Fedora/16/i386/os --cost=1 repo --name="vnrpms" --baseurl=http://ftp.dev.videonext.net/ks/ds/vnrpms %packages --default tcsh kernel* dracut-* # grub-efi and grub2 and efibootmgr so anaconda can use the right one on install. grub-efi grub2 efibootmgr @base-x boost xorg-x11-fonts-Type1 compiz openssh-server qt qtwebkit fbset libva libva-utils libXv libXtst perl-libwww-perl ntp ntp-perl net-tools ds-sos ds-vmx gdb watchdog %end </pre> * Install the build config into mock environment mock -r ds --copyin ds-build.cfg /usr/share/spin-kickstarts/ * Generate ISO tree mock -r ds --shell 'pungi --nosource --nodebuginfo -G -C -B --flavor Fedora --name Fedora --ver 16 -c /usr/share/spin-kickstarts/ds-build.cfg' * Copy customized version of messages and isolinux.cfg mock -r ds --copyin isolinux.cfg ds.msg videonext.lss /16/Fedora/i386/os/isolinux/ * Copy your kickstart mock -r ds --copyin ks.cfg ks-lds.cfg /16/Fedora/i386/os/ * Build the ISO mock -r ds --shell 'pungi --nosource --nodebuginfo -I --flavor Fedora --name Fedora --ver 16 -c /usr/share/spin-kickstarts/ds-build.cfg' * Enjoy 10823500712bbe6db4809c9448305b0d234b1b86 511 510 2012-09-18T21:06:01Z Vvc 1 wikitext text/x-wiki * Install mock yum install mock * Create custom mock configuration '''/etc/mock/ds.cfg''' <pre> config_opts['root'] = 'ds' config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc16' # only useful for --resultdir variable subst config_opts['plugin_conf']['bind_mount_enable'] = True config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev','/dev/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts','/dev/pts/')) config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/shm','/dev/shm/')) config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [fedora] name=fedora mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-16&arch=i386 failovermethod=priority """ </pre> * Initialise mock build environment mock -r ds --init mock -r ds install pungi spin-kickstarts * Use a kickstart which you would normally use, but remove every section from it beside "@packages" Add your local repositories '''ds-build.cfg''' <pre> # Add the repos you wish to use to compose here. At least one of them needs group data. repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name=fedora-source --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-$releasever&arch=$basearch --exclude kernel*debug* --exclude kernel-kdump* \ --exclude syslog-ng --exclude java-1.5.0-gcj-devel --exclude astronomy-bookmarks --exclude generic* --exclude java-1.5.0-gcj-javadoc --exclude btanks* --exclude GConf2-dbus* --exclude bluez-gnome repo --name="base" --baseurl=http://ftp.videonext.net/private/Fedora/16/i386/os --cost=1 repo --name="vnrpms" --baseurl=http://ftp.dev.videonext.net/ks/ds/vnrpms %packages --default tcsh kernel* dracut-* # grub-efi and grub2 and efibootmgr so anaconda can use the right one on install. grub-efi grub2 efibootmgr @base-x boost xorg-x11-fonts-Type1 compiz openssh-server qt qtwebkit fbset libva libva-utils libXv libXtst perl-libwww-perl ntp ntp-perl net-tools ds-sos ds-vmx gdb watchdog %end </pre> * Install the build config into mock environment mock -r ds --copyin ds-build.cfg /usr/share/spin-kickstarts/ * Generate ISO tree mock -r ds --shell 'pungi --nosource --nodebuginfo -G -C -B --flavor Fedora --name Fedora --ver 16 -c /usr/share/spin-kickstarts/ds-build.cfg' * Copy customized version of messages and isolinux.cfg mock -r ds --copyin isolinux.cfg ds.msg videonext.lss /16/Fedora/i386/os/isolinux/ * Copy your kickstarts mock -r ds --copyin ks.cfg ks-lvds.cfg /16/Fedora/i386/os/ * Build the ISO mock -r ds --shell 'pungi --nosource --nodebuginfo -I --flavor Fedora --name Fedora --ver 16 -c /usr/share/spin-kickstarts/ds-build.cfg' * Enjoy 2cff11f4b640827aeb688541dc4bed4b74c46fac 0 5 512 483 2012-10-11T20:40:34Z Vvc 1 wikitext text/x-wiki [[How to create RedHat Driver Disk]] [[Full XEN|Full virtualization using XEN]] [[DomU|Building Xen Guest Linux System (Detailed)]] [[DomU_Easy|Building Xen Guest Linux System (Easy)]] [[DomU filesystem|How to access DomU filesystem]] [[Limit su| Limit su - root to group wheel only]] [[APCUPSD]] [[Anaconda]] [[RSyslog|Using rsyslog]] [[Encrypt Fedora|How to encrypt existing Fedora installation]] [[Convert to RAID|How to convert live Linux installation to software RAID]] [[ext4|Convert to ext4 file system]] [[Grub]] [[Winbind|Integrating Linux with Windows ADS using Winbind]] [[DRBD]] [[Pacemaker]] [[XEN with live migration with Pacemaker and DRBD]] [[Heartbeat]] [http://alexis.m2osw.com/console.html Prevent console going blank] [[LDAP Authentication]] [[Mock]] [[Persistent device name]] [[IPTables]] [[Kernel PPC|Building Redhat Linux PPC kernel for DRBD]] [[OMSA|Dell OpenManage Server administrator]] [[iSCSI]] [[mod_nss|mod_nss]] [[Category:Linux]] e36b31c35fb43a28ee70751991192cddd00c1cc1 521 512 2013-03-23T21:02:32Z Vvc 1 wikitext text/x-wiki [[How to create RedHat Driver Disk]] [[Build Linux kernel using mock]] [[Full XEN|Full virtualization using XEN]] [[DomU|Building Xen Guest Linux System (Detailed)]] [[DomU_Easy|Building Xen Guest Linux System (Easy)]] [[DomU filesystem|How to access DomU filesystem]] [[Limit su| Limit su - root to group wheel only]] [[APCUPSD]] [[Anaconda]] [[RSyslog|Using rsyslog]] [[Encrypt Fedora|How to encrypt existing Fedora installation]] [[Convert to RAID|How to convert live Linux installation to software RAID]] [[ext4|Convert to ext4 file system]] [[Grub]] [[Winbind|Integrating Linux with Windows ADS using Winbind]] [[DRBD]] [[Pacemaker]] [[XEN with live migration with Pacemaker and DRBD]] [[Heartbeat]] [http://alexis.m2osw.com/console.html Prevent console going blank] [[LDAP Authentication]] [[Mock]] [[Persistent device name]] [[IPTables]] [[Kernel PPC|Building Redhat Linux PPC kernel for DRBD]] [[OMSA|Dell OpenManage Server administrator]] [[iSCSI]] [[mod_nss|mod_nss]] [[Category:Linux]] 1d2b4f0867fc8b9a1163d552a20af40b036a622f 535 521 2013-06-17T15:30:10Z Vvc 1 wikitext text/x-wiki [[How to create RedHat Driver Disk]] [[Build Linux kernel using mock]] [[Full XEN|Full virtualization using XEN]] [[DomU|Building Xen Guest Linux System (Detailed)]] [[DomU_Easy|Building Xen Guest Linux System (Easy)]] [[DomU filesystem|How to access DomU filesystem]] [[Limit su| Limit su - root to group wheel only]] [[APCUPSD]] [[Anaconda]] [[RSyslog|Using rsyslog]] [[Encrypt Fedora|How to encrypt existing Fedora installation]] [[Convert to RAID|How to convert live Linux installation to software RAID]] [[ext4|Convert to ext4 file system]] [[Grub]] [[Winbind|Integrating Linux with Windows ADS using Winbind]] [[DRBD]] [[Pacemaker]] [[XEN with live migration with Pacemaker and DRBD]] [[Heartbeat]] [http://alexis.m2osw.com/console.html Prevent console going blank] [[LDAP Authentication]] [[Mock]] [[Persistent device name]] [[IPTables]] [[Kernel PPC|Building Redhat Linux PPC kernel for DRBD]] [[OMSA|Dell OpenManage Server administrator]] [[iSCSI]] [[mod_nss|mod_nss]] [[chroot|How to switch in chroot environment in rescue mode]] [[Category:Linux]] f99e144ea9aafa5e317a9b80f2c7e4e39816e8eb 544 535 2014-01-21T17:08:20Z Vvc 1 wikitext text/x-wiki [[How to create RedHat Driver Disk]] [[Build Linux kernel using mock]] [[Full XEN|Full virtualization using XEN]] [[DomU|Building Xen Guest Linux System (Detailed)]] [[DomU_Easy|Building Xen Guest Linux System (Easy)]] [[DomU filesystem|How to access DomU filesystem]] [[Limit su| Limit su - root to group wheel only]] [[APCUPSD]] [[Anaconda]] [[RSyslog|Using rsyslog]] [[Encrypt Fedora|How to encrypt existing Fedora installation]] [[Convert to RAID|How to convert live Linux installation to software RAID]] [[ext4|Convert to ext4 file system]] [[Grub]] [[Winbind|Integrating Linux with Windows ADS using Winbind]] [[DRBD]] [[Pacemaker]] [[XEN with live migration with Pacemaker and DRBD]] [[Heartbeat]] [http://alexis.m2osw.com/console.html Prevent console going blank] [[LDAP Authentication]] [[Mock]] [[Persistent device name]] [[IPTables]] [[Kernel PPC|Building Redhat Linux PPC kernel for DRBD]] [[OMSA|Dell OpenManage Server administrator]] [[iSCSI]] [[mod_nss|mod_nss]] [[chroot|How to switch in chroot environment in rescue mode]] [[resize|How to resize Linux disk]] [[Category:Linux]] 5b523bea0b7e5484d8bbdd23e7f9a1169833e9d2 6 110 514 2012-10-12T00:16:24Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 1 56 517 470 2012-10-24T23:59:33Z Vvc 1 wikitext text/x-wiki == Eat your heart out, Comcast and AT&T == Something to write home about [[Image:FIOS_Speed_Test.png]] 144d862040a37a47978c80b680a3118b7efb9b91 518 517 2012-10-25T12:14:45Z Vvc 1 wikitext text/x-wiki == Eat your hearts out, Comcast and AT&T == Something to write home about [[Image:FIOS_Speed_Test.png]] ---- :Courtesy of [http://myspeed.visualware.com Visualware] 912f546741182cc88bf7f7ca53a8ccace1a90381 0 3 519 493 2012-12-20T23:58:23Z Vvc 1 wikitext text/x-wiki [[inetd HTTP server]] [[patch]] [[Spamassassin watchdog]] [[OpenSSH tunnels]] [[PHP Debug]] [[Secure Tomcat]] [[procmail auto-reply]] [[Bind]] [[Perl]] [[TSM]] [[DRAC]] [[mod__nss|mod_nss]] [[Postgresql foreign keys]] a5d4627ee16288654d86270b5fa071501d9098e8 0 112 520 2012-12-20T23:59:20Z Vvc 1 Created page with "<source lang='sql'> SELECT tc.constraint_name, tc.constraint_type, tc.table_name, kcu.column_name, tc.is_deferrable, tc.initially_deferred, rc.match_option AS match_type, rc.u..." wikitext text/x-wiki <source lang='sql'> SELECT tc.constraint_name, tc.constraint_type, tc.table_name, kcu.column_name, tc.is_deferrable, tc.initially_deferred, rc.match_option AS match_type, rc.update_rule AS on_update, rc.delete_rule AS on_delete, ccu.table_name AS references_table, ccu.column_name AS references_field FROM information_schema.table_constraints tc LEFT JOIN information_schema.key_column_usage kcu ON tc.constraint_catalog = kcu.constraint_catalog AND tc.constraint_schema = kcu.constraint_schema AND tc.constraint_name = kcu.constraint_name LEFT JOIN information_schema.referential_constraints rc ON tc.constraint_catalog = rc.constraint_catalog AND tc.constraint_schema = rc.constraint_schema AND tc.constraint_name = rc.constraint_name LEFT JOIN information_schema.constraint_column_usage ccu ON rc.unique_constraint_catalog = ccu.constraint_catalog AND rc.unique_constraint_schema = ccu.constraint_schema AND rc.unique_constraint_name = ccu.constraint_name WHERE lower(tc.constraint_type) in ('foreign key') ; </source> bd767e574340614a2464f03be1770bde0fbbf67f 0 113 522 2013-03-23T21:03:08Z Vvc 1 Created page with " mock -v --target i686 --without xen --without debug --without debuginfo --without up --without kabichk \ -r epel-5-i386 --define="buildid .vvc" kernel-2.6.27.5-117.fc10.src.rpm" wikitext text/x-wiki mock -v --target i686 --without xen --without debug --without debuginfo --without up --without kabichk \ -r epel-5-i386 --define="buildid .vvc" kernel-2.6.27.5-117.fc10.src.rpm 43bd6335b4e06615915229b7cfe33f0fb23596e7 523 522 2013-03-24T17:15:10Z Vvc 1 wikitext text/x-wiki mock -v --target i686 --without xen --without debug --without debuginfo --without up --without kabichk \ -r epel-5-i386 kernel-2.6.25-14.vvc.el5.src.rpm 918d82240c252ab682303dffb403592b90730799 525 523 2013-04-25T12:10:45Z Vvc 1 wikitext text/x-wiki PAE kernel on RHEL5 mock -v --target i686 --without xen --without debug --without debuginfo --without up --without kabichk \ -r epel-5-i386 kernel-2.6.25-14.vvc.el5.src.rpm kernel on RHEL6 mock -v -r epel-6-i686 --taget i686 --without debug --without debuginfo --without kabichk \ --with firmware --without perf kernel-2.6.32-358.6.1.el6.vvc.src.rpm 42f2df6cd7ae0100f34faf4c6481d9b196a224b2 526 525 2013-04-25T12:11:09Z Vvc 1 wikitext text/x-wiki PAE kernel on RHEL5 mock -v --target i686 --without xen --without debug --without debuginfo --without up --without kabichk \ -r epel-5-i386 kernel-2.6.25-14.vvc.el5.src.rpm kernel on RHEL6 mock -v -r epel-6-i686 --target i686 --without debug --without debuginfo --without kabichk \ --with firmware --without perf kernel-2.6.32-358.6.1.el6.vvc.src.rpm 18350c4f002f789c75dd5c04dc59ec37ff277817 527 526 2013-04-25T12:11:59Z Vvc 1 wikitext text/x-wiki PAE kernel on RHEL5 mock -v --target i686 --without xen --without debug --without debuginfo --without up --without kabichk \ -r epel-5-i386 kernel-2.6.25-14.vvc.el5.src.rpm kernel on RHEL6 mock -v -r epel-6-i386 --target i686 --without debug --without debuginfo --without kabichk \ --with firmware --without perf kernel-2.6.32-358.6.1.el6.vvc.src.rpm 5b3af41bf48dc8c7adccb9dec094c318bb6ca2d0 0 10 528 37 2013-04-25T17:21:01Z Vvc 1 wikitext text/x-wiki [[Managing Certificate Authority]] [[Creating server certificate]] [[importing private RSA key into java keystore]] 77469d41627012835536d3a1c2e3f0032b747932 529 528 2013-04-25T17:21:11Z Vvc 1 wikitext text/x-wiki [[Managing Certificate Authority]] [[Creating server certificate]] [[Importing private RSA key into java keystore]] ce2aebf3e2dfe61b83d8bb78141b212e694b30a1 0 114 530 2013-04-25T17:28:43Z Vvc 1 Created page with "<pre> openssl pkcs12 -export -in server.crt -inkey server.key \ -out server.p12 -name myserver \ -CAfile ca.crt -caname myca </pre> <pre> keytoo..." wikitext text/x-wiki <pre> openssl pkcs12 -export -in server.crt -inkey server.key \ -out server.p12 -name myserver \ -CAfile ca.crt -caname myca </pre> <pre> keytool -importcert -trustcacerts -alias "videonext CA" \ -file videoNEXT.crt -keystore certificate.jks </pre> <pre> keytool -importkeystore -destkeystore server.jks \ -srckeystore server.p12 -srcstoretype PKCS12 -alias myserver </pre> e126c67c0f8cf68c75bbf4c6d453f60add5fb0e5 531 530 2013-04-25T17:29:35Z Vvc 1 wikitext text/x-wiki <pre> openssl pkcs12 -export -in server.crt -inkey server.key \ -out server.p12 -name myserver \ -CAfile ca.crt -caname myca </pre> <pre> keytool -importcert -trustcacerts -alias myca \ -file ca.crt -keystore server.jks </pre> <pre> keytool -importkeystore -destkeystore server.jks \ -srckeystore server.p12 -srcstoretype PKCS12 -alias myserver </pre> de0d9bfc9c621ec11511465d1e9d9ba85a3559fe 532 531 2013-04-30T19:26:25Z Vvc 1 wikitext text/x-wiki <pre> openssl pkcs12 -export -chain -in server.crt -inkey server.key \ -out server.p12 -name myserver \ -CAfile ca.crt </pre> <pre> keytool -importkeystore -destkeystore server.jks \ -srckeystore server.p12 -srcstoretype PKCS12 </pre> c05b78332e519bf815df798e44236664ed412e61 533 532 2013-04-30T19:27:43Z Vvc 1 wikitext text/x-wiki <pre> cat inter.crt root.crt > ca-chain.crt openssl pkcs12 -export -chain -in server.crt -inkey server.key \ -out server.p12 -name myserver \ -CAfile ca-chain.crt </pre> <pre> keytool -importkeystore -destkeystore server.jks \ -srckeystore server.p12 -srcstoretype PKCS12 </pre> 70a196300ee60175a2a420dc1ecadd3835cb8a37 0 98 534 466 2013-05-17T18:16:19Z Vvc 1 wikitext text/x-wiki * Configure DRAC network parameters <pre> racadm getconfig -g cfgLanNetworking racadm config -g cfgLanNetworking -o cfgNicUseDhcp 0 racadm config -g cfgLanNetworking -o cfgNicIpAddress 166.38.84.157 racadm config -g cfgLanNetworking -o cfgNicNetmask 255.255.255.128 racadm config -g cfgLanNetworking -o cfgNicGateway 166.38.84.254 racadm config -g cfgLanNetworking -o cfgDNSServer1 166.37.218.90 racadm config -g cfgLanNetworking -o cfgDNSServer2 166.33.193.132 racadm config -g cfgLanNetworking -o cfgDNSRacName ndceomp2b racadm config -g cfgLanNetworking -o cfgDNSDomainName vzbi.com racadm getconfig -g cfgLanNetworking </pre> * upload custom certificate <pre> racadm sslcertupload -t 2 -f CA.pem racadm sslkeyupload -t 1 -f ndceomp2b.key racadm sslcertupload -t 1 -f ndceomp2b.crt </pre> * user management <pre> racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminPassword 123456 racadm config -g cfgUserAdmin -i 10 -o cfgUserAdminUserName admin racadm config -g cfgUserAdmin -i 10 -o cfgUserAdminPassword password racadm config -g cfgUserAdmin -i 10 -o cfgUserAdminEnable 1 racadm config -g cfgUserAdmin -i 10 -o cfgUserAdminPrivilege 0x000000f9 racadm config -g cfgUserAdmin -i 10 -o cfgUserAdminIpmiLanPrivilege 4 </pre> 479d8130910644df693472bc2344c61b07b20ccc 0 115 536 2013-06-17T15:48:05Z Vvc 1 Created page with "<source lang="bash"> mkdir /mnt/sysimange mount /dev/vg1/root /mnt/sysimange mount /dev/vg1/var /mnt/sysimange/var mount /dev/sda1 /mnt/sysimange/boot mount -t proc none /mnt/..." wikitext text/x-wiki <source lang="bash"> mkdir /mnt/sysimange mount /dev/vg1/root /mnt/sysimange mount /dev/vg1/var /mnt/sysimange/var mount /dev/sda1 /mnt/sysimange/boot mount -t proc none /mnt/sysimange/proc mount --rbind /sys /mnt/sysimange/sys mount --rbind /dev /mnt/sysimange/dev chroot /mnt/sysimange </source> 1a25f4983d9bc73d1197948c92f6f6ad37e4544d 0 1 537 485 2013-11-29T15:44:59Z Vvc 1 wikitext text/x-wiki __NOTOC__ = VVC Wiki = This is my own personal wiki. I mostly keep it for my own use, to remind me how I did some tasks, but if you find something useful, enjoy it on your own risk. Vadym Chepkov NB: ''"Never try to teach a pig to sing; it wastes your time and annoys the pig."'' == HOWTOs == [[MacOS]] [[Oracle]] [[Linux]] [[Solaris]] [[AIX]] [[OpenSSL]] [[ Subversion]] [[Useful]] [[WAS| WebSphere Application Server]] [[FreeBSD]] [[VMware]] == Miscellaneous == My certification authority ([http://www.chepkov.com/ca.html CA]) My RPM [http://www.chepkov.com/rpms/ repository] ---- <div style="text-align:right"> [[Image:Centos.png|link=http://www.centos.org|caption=CentOS]] </div> 0c81ab44e8e4d7fa8872196d9540494df404e4e7 0 116 538 2013-11-29T15:46:34Z Vvc 1 Created page with "[[Category:VMware]] [[Modify DNS servers on ESXi hosts]] [[Modify NTP servers on ESXi hosts]]" wikitext text/x-wiki [[Category:VMware]] [[Modify DNS servers on ESXi hosts]] [[Modify NTP servers on ESXi hosts]] af4aedd61752e53c7bc0d6d7d366b3c85a8d10e2 14 117 539 2013-11-29T15:47:05Z Vvc 1 Created page with "VMware related articles" wikitext text/x-wiki VMware related articles ffa4038b1b37477957b9f01ff23a1fe6899d038d 0 118 540 2013-11-29T15:49:25Z Vvc 1 Created page with " <source lang="powershell"> $hosts = get-vmhost foreach ($server in $hosts ) { Write-Host $server $currentnet = Get-VMHostNetwork -VMHost $server Set-VMHostNetwork -Netw..." wikitext text/x-wiki <source lang="powershell"> $hosts = get-vmhost foreach ($server in $hosts ) { Write-Host $server $currentnet = Get-VMHostNetwork -VMHost $server Set-VMHostNetwork -Network $currentnet -DnsAddress 10.70.32.3,10.70.10.3 -Confirm:$false } </source> 3abe8c73dac65e49eeca574a934b0cda67ccba5e 0 119 541 2013-11-29T15:50:26Z Vvc 1 Created page with "<source lang="powershell"> $hosts = get-vmhost foreach ($server in $hosts) { write-host $server $oldntps = Get-VMHostNtpServer -VMHost $server foreach ($ntp in $oldntps)..." wikitext text/x-wiki <source lang="powershell"> $hosts = get-vmhost foreach ($server in $hosts) { write-host $server $oldntps = Get-VMHostNtpServer -VMHost $server foreach ($ntp in $oldntps) { Remove-VmHostNtpServer -NtpServer $ntp -VMHost $server -Confirm:$false } Add-VmHostNtpServer -NtpServer "10.70.32.3" -VMHost $server Add-VmHostNtpServer -NtpServer "10.70.10.3" -VMHost $server Add-VmHostNtpServer -NtpServer "192.168.254.107" -VMHost $server Get-VmHostService -VMHost $server | Where-Object {$_.key -eq "ntpd"} | Restart-VMHostService -Confirm:$false } </source> 954c722d20a21327a491a9697f68a28f50d5d888 0 22 542 95 2013-12-16T20:11:53Z Vvc 1 wikitext text/x-wiki [[Solaris 5.10 IPC settings]] [[Solaris Sendmail]] a67d3af0f8b31009d44bcbb217868884d4b4c1e3 0 120 543 2013-12-16T20:12:12Z Vvc 1 Created page with " svccfg -s svc:/network/smtp:sendmail setprop config/local_only = false svcadm refresh svc:/network/smtp:sendmail svcadm restart svc:/network/smtp:sendmail" wikitext text/x-wiki svccfg -s svc:/network/smtp:sendmail setprop config/local_only = false svcadm refresh svc:/network/smtp:sendmail svcadm restart svc:/network/smtp:sendmail 4ccc10f93ed0a6e81fa5213336869e56ff62aec5 0 121 545 2014-01-21T17:09:37Z Vvc 1 Created page with "<source lang='bash'> for i in /sys/class/scsi_disk/* ; do echo '1' > $i/device/rescan done </source>" wikitext text/x-wiki <source lang='bash'> for i in /sys/class/scsi_disk/* ; do echo '1' > $i/device/rescan done </source> b1900a5834a9a3fd79de748ef4b7d06f1fe5046a 0 3 546 519 2014-01-30T14:39:19Z Vvc 1 wikitext text/x-wiki [[inetd HTTP server]] [[patch]] [[Spamassassin watchdog]] [[OpenSSH tunnels]] [[PHP Debug]] [[Secure Tomcat]] [[procmail auto-reply]] [[Bind]] [[Perl]] [[TSM]] [[DRAC]] [[mod__nss|mod_nss]] [[Postgresql foreign keys]] [[named-checkzone|How to check all named zones]] 37678668ac315843f30649be4a37fea15f1fc6f6 0 122 547 2014-01-30T14:40:51Z Vvc 1 Created page with "<source lang="bash"> egrep -w "zone|file" /var/named/config/named.conf | \ awk '{print $2}' | tr -d '[";]' | \ paste - - | while read zone file do named-checkzone -k ignore $..." wikitext text/x-wiki <source lang="bash"> egrep -w "zone|file" /var/named/config/named.conf | \ awk '{print $2}' | tr -d '[";]' | \ paste - - | while read zone file do named-checkzone -k ignore $zone $file done </source> e6bce0e26d02c6af1b828fa930d0ccddcf1f7219 548 547 2014-01-30T14:42:21Z Vvc 1 wikitext text/x-wiki <source lang="bash"> egrep -w "zone|file" /var/named/config/named.conf | \ awk '{print $2}' | tr -d '[";]' | \ paste - - | while read zone zonefile do named-checkzone -k ignore $zone $zonefile done </source> e384aa0b98dff2879881e98091c242eb487919af 549 548 2014-01-30T14:49:20Z Vvc 1 wikitext text/x-wiki <source lang="bash"> cd /var/named/config/namedb/ egrep -w "zone|file" /var/named/config/named.conf | \ awk '{print $2}' | tr -d '[";]' | \ paste - - | while read zone zonefile do named-checkzone -k ignore $zone $zonefile done </source> d5236a884f6de2394c7707fadbb0759714c1defc 0 116 550 538 2014-03-05T02:18:34Z Vvc 1 wikitext text/x-wiki [[Category:VMware]] [[Modify DNS servers on ESXi hosts]] [[Modify NTP servers on ESXi hosts]] [[Modify Syslog servers on ESXi hosts]] 13dbb932fe3ebef780420a6c1640eb8742f0f940 0 123 551 2014-03-05T02:27:52Z Vvc 1 Created page with "<source lang="powershell"> $hosts = get-vmhost foreach ($server in $hosts) { write-host $server Set-VMHostSysLogServer -vmhost $server -syslogserver 'tcp://syslog-server:1..." wikitext text/x-wiki <source lang="powershell"> $hosts = get-vmhost foreach ($server in $hosts) { write-host $server Set-VMHostSysLogServer -vmhost $server -syslogserver 'tcp://syslog-server:1514' } </source> 33fe859d7b960fb68dcddcdfd79f3090465c9bf9 552 551 2014-03-05T02:32:43Z Vvc 1 wikitext text/x-wiki <source lang="powershell"> $hosts = get-vmhost foreach ($server in $hosts) { write-host $server Set-VMHostSysLogServer -vmhost $server -syslogserver 'tcp://syslog-server:1514' $Reload = (Get-ESXCLI -vmhost $server).System.Syslog.reload() } </source> f7ec574fced17c978181a4a781a50981e4db6fd9 0 5 553 544 2014-03-22T18:23:03Z Vvc 1 wikitext text/x-wiki [[How to create RedHat Driver Disk]] [[Build Linux kernel using mock]] [[Full XEN|Full virtualization using XEN]] [[DomU|Building Xen Guest Linux System (Detailed)]] [[DomU_Easy|Building Xen Guest Linux System (Easy)]] [[DomU filesystem|How to access DomU filesystem]] [[Limit su| Limit su - root to group wheel only]] [[APCUPSD]] [[Anaconda]] [[RSyslog|Using rsyslog]] [[Encrypt Fedora|How to encrypt existing Fedora installation]] [[Convert to RAID|How to convert live Linux installation to software RAID]] [[ext4|Convert to ext4 file system]] [[Grub]] [[Winbind|Integrating Linux with Windows ADS using Winbind]] [[DRBD]] [[Pacemaker]] [[XEN with live migration with Pacemaker and DRBD]] [[Heartbeat]] [http://alexis.m2osw.com/console.html Prevent console going blank] [[LDAP Authentication]] [[Mock]] [[Persistent device name]] [[IPTables]] [[Kernel PPC|Building Redhat Linux PPC kernel for DRBD]] [[OMSA|Dell OpenManage Server administrator]] [[iSCSI]] [[mod_nss|mod_nss]] [[chroot|How to switch in chroot environment in rescue mode]] [[resize|How to resize Linux disk]] [[LSI StorCLI]] [[Category:Linux]] 2c9e496fb56c1e8a771c274b4a1fc9ec82a193aa 565 553 2016-05-18T19:23:50Z Vvc 1 wikitext text/x-wiki [[How to create RedHat Driver Disk]] [[Build Linux kernel using mock]] [[Full XEN|Full virtualization using XEN]] [[DomU|Building Xen Guest Linux System (Detailed)]] [[DomU_Easy|Building Xen Guest Linux System (Easy)]] [[DomU filesystem|How to access DomU filesystem]] [[Limit su| Limit su - root to group wheel only]] [[APCUPSD]] [[Anaconda]] [[RSyslog|Using rsyslog]] [[Encrypt Fedora|How to encrypt existing Fedora installation]] [[Convert to RAID|How to convert live Linux installation to software RAID]] [[ext4|Convert to ext4 file system]] [[Grub]] [[Winbind|Integrating Linux with Windows ADS using Winbind]] [[DRBD]] [[Pacemaker]] [[XEN with live migration with Pacemaker and DRBD]] [[Heartbeat]] [http://alexis.m2osw.com/console.html Prevent console going blank] [[LDAP Authentication]] [[Mock]] [[Persistent device name]] [[IPTables]] [[Kernel PPC|Building Redhat Linux PPC kernel for DRBD]] [[OMSA|Dell OpenManage Server administrator]] [[iSCSI]] [[mod_nss|mod_nss]] [[chroot|How to switch in chroot environment in rescue mode]] [[resize|How to resize Linux disk]] [[LSI StorCLI]] [[Multipath bindings]] [[Category:Linux]] 22c9c989358b2bb364a904f91577a24787f1506f 575 565 2018-09-15T17:10:30Z Vvc 1 wikitext text/x-wiki [[How to create RedHat Driver Disk]] [[Build Linux kernel using mock]] [[Full XEN|Full virtualization using XEN]] [[DomU|Building Xen Guest Linux System (Detailed)]] [[DomU_Easy|Building Xen Guest Linux System (Easy)]] [[DomU filesystem|How to access DomU filesystem]] [[Limit su| Limit su - root to group wheel only]] [[APCUPSD]] [[Anaconda]] [[RSyslog|Using rsyslog]] [[Encrypt Fedora|How to encrypt existing Fedora installation]] [[Convert to RAID|How to convert live Linux installation to software RAID]] [[ext4|Convert to ext4 file system]] [[Grub]] [[Winbind|Integrating Linux with Windows ADS using Winbind]] [[DRBD]] [[Pacemaker]] [[XEN with live migration with Pacemaker and DRBD]] [[Heartbeat]] [http://alexis.m2osw.com/console.html Prevent console going blank] [[LDAP Authentication]] [[Mock]] [[Persistent device name]] [[IPTables]] [[Kernel PPC|Building Redhat Linux PPC kernel for DRBD]] [[OMSA|Dell OpenManage Server administrator]] [[iSCSI]] [[mod_nss|mod_nss]] [[chroot|How to switch in chroot environment in rescue mode]] [[resize|How to resize Linux disk]] [[rescan|How to rescan SCSI bus]] [[LSI StorCLI]] [[Multipath bindings]] [[Category:Linux]] 96a816c2b003346ebfbf60a7e2bf695a4b0057fe 0 124 554 2014-03-22T18:33:52Z Vvc 1 Created page with "* Check physical disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /eall /sall show Controller = 0 Status = Success Description = Show Drive Information Succeeded. Drive Inf..." wikitext text/x-wiki * Check physical disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /eall /sall show Controller = 0 Status = Success Description = Show Drive Information Succeeded. Drive Information : ================= ------------------------------------------------------------------------- EID:Slt DID State DG Size Intf Med SED PI SeSz Model Sp ------------------------------------------------------------------------- 20:1 8 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:2 9 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:3 10 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:4 11 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:5 12 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:6 13 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:7 14 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:8 15 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:9 16 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:10 17 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:11 18 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:12 19 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U </pre> * Create RAID10 from available disks <pre> /opt/MegaRAID/storcli/storcli64 /c0 add vd type=r10 size=all drives=20:3-12 pdperarray=2 pdcache=on strip=64 </pre> * Check Logical drive status <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 show Controller = 0 Status = Success Description = None Virtual Drives : ============== ---------------------------------------------------------- DG/VD TYPE State Access Consist Cache sCC Size Name ---------------------------------------------------------- 1/1 RAID10 Optl RW No RaWBD - 4.087 TB ---------------------------------------------------------- </pre> * Initialize RAID <pre> /opt/MegaRAID/storcli/storcli64 /c0 /v1 start init </pre> 120ac4824a656cbe4e5b3294f1f450e59297e0bc 555 554 2014-03-22T18:34:24Z Vvc 1 wikitext text/x-wiki * Check physical disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /eall /sall show Controller = 0 Status = Success Description = Show Drive Information Succeeded. Drive Information : ================= ------------------------------------------------------------------------- EID:Slt DID State DG Size Intf Med SED PI SeSz Model Sp ------------------------------------------------------------------------- 20:1 8 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:2 9 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:3 10 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:4 11 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:5 12 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:6 13 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:7 14 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:8 15 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:9 16 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:10 17 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:11 18 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:12 19 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U </pre> * Create RAID10 from available disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 add vd type=r10 size=all drives=20:3-12 pdperarray=2 pdcache=on strip=64 </pre> * Check Logical drive status <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 show Controller = 0 Status = Success Description = None Virtual Drives : ============== ---------------------------------------------------------- DG/VD TYPE State Access Consist Cache sCC Size Name ---------------------------------------------------------- 1/1 RAID10 Optl RW No RaWBD - 4.087 TB ---------------------------------------------------------- </pre> * Initialize RAID <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 start init </pre> 113110144c5a3ca9fc1edd46cc87cddd4948d7b1 556 555 2014-03-22T23:17:47Z Vvc 1 wikitext text/x-wiki * Check physical disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /eall /sall show Controller = 0 Status = Success Description = Show Drive Information Succeeded. Drive Information : ================= ------------------------------------------------------------------------- EID:Slt DID State DG Size Intf Med SED PI SeSz Model Sp ------------------------------------------------------------------------- 20:1 8 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:2 9 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:3 10 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:4 11 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:5 12 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:6 13 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:7 14 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:8 15 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:9 16 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:10 17 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:11 18 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:12 19 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U </pre> * Create RAID10 from available disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 add vd type=r10 size=all drives=20:3-12 pdperarray=2 pdcache=on strip=64 </pre> * Check Logical drive status <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 show Controller = 0 Status = Success Description = None Virtual Drives : ============== ---------------------------------------------------------- DG/VD TYPE State Access Consist Cache sCC Size Name ---------------------------------------------------------- 1/1 RAID10 Optl RW No RaWBD - 4.087 TB ---------------------------------------------------------- </pre> * Initialize RAID <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 start init </pre> * Create file system <pre> # mkfs.xfs -L splunk -f -d su=64k,sw=5,agsize=$((45725424*4096)) /dev/vg1/splunk </pre> d2429fd7b3df3f3fd16ecd5214f2329d21acded1 557 556 2015-02-18T18:17:47Z Vvc 1 added consistency check wikitext text/x-wiki * Check physical disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /eall /sall show Controller = 0 Status = Success Description = Show Drive Information Succeeded. Drive Information : ================= ------------------------------------------------------------------------- EID:Slt DID State DG Size Intf Med SED PI SeSz Model Sp ------------------------------------------------------------------------- 20:1 8 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:2 9 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:3 10 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:4 11 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:5 12 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:6 13 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:7 14 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:8 15 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:9 16 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:10 17 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:11 18 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:12 19 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U </pre> * Create RAID10 from available disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 add vd type=r10 size=all drives=20:3-12 pdperarray=2 pdcache=on strip=64 </pre> * Check Logical drive status <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 show Controller = 0 Status = Success Description = None Virtual Drives : ============== ---------------------------------------------------------- DG/VD TYPE State Access Consist Cache sCC Size Name ---------------------------------------------------------- 1/1 RAID10 Optl RW No RaWBD - 4.087 TB ---------------------------------------------------------- </pre> * Initialize RAID <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 start init </pre> * Initiate consistency check <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 start cc # /opt/MegaRAID/storcli/storcli64 /c0 /v1 show cc Controller = 0 Status = Success Description = None VD Operation Status : =================== ----------------------------------- VD Operation Progress% Status ----------------------------------- 1 CC 1 In progress ----------------------------------- </pre> * Create file system <pre> # mkfs.xfs -L splunk -f -d su=64k,sw=5,agsize=$((45725424*4096)) /dev/vg1/splunk </pre> a3cf34e2b1adb7f9db4740cc1552ad17f4c2b2e4 567 557 2016-08-12T00:07:01Z Vvc 1 wikitext text/x-wiki * Check physical disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /eall /sall show Controller = 0 Status = Success Description = Show Drive Information Succeeded. Drive Information : ================= ------------------------------------------------------------------------- EID:Slt DID State DG Size Intf Med SED PI SeSz Model Sp ------------------------------------------------------------------------- 20:1 8 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:2 9 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:3 10 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:4 11 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:5 12 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:6 13 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:7 14 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:8 15 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:9 16 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:10 17 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:11 18 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:12 19 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U </pre> * Create RAID10 from available disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 add vd type=r10 size=all drives=20:3-12 pdperarray=2 pdcache=on strip=64 </pre> * Check Logical drive status <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 show Controller = 0 Status = Success Description = None Virtual Drives : ============== ---------------------------------------------------------- DG/VD TYPE State Access Consist Cache sCC Size Name ---------------------------------------------------------- 1/1 RAID10 Optl RW No RaWBD - 4.087 TB ---------------------------------------------------------- </pre> * Initialize RAID <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 start init </pre> * Initiate consistency check <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 start cc # /opt/MegaRAID/storcli/storcli64 /c0 /v1 show cc Controller = 0 Status = Success Description = None VD Operation Status : =================== ----------------------------------- VD Operation Progress% Status ----------------------------------- 1 CC 1 In progress ----------------------------------- </pre> * change CC rate <pre> # /opt/MegaRAID/storcli/storcli64 /c0 set ccrate=10 Controller = 0 Status = Success Description = None Controller Properties : ===================== ---------------- Ctrl_Prop Value ---------------- CC Rate 10% ---------------- </pre> * Change CC schedule <pre> # /opt/MegaRAID/storcli/storcli64 /c0 set cc=seq delay=1344 starttime=2016/08/14 04 Controller = 0 Status = Success Description = None Controller Properties : ===================== --------------------------------- Ctrl_Prop Value --------------------------------- CC Mode SEQ CC delay 1344 CC Starttime 2016/08/14 04:00:00 --------------------------------- </pre> * Create file system <pre> # mkfs.xfs -L splunk -f -d su=64k,sw=5,agsize=$((45725424*4096)) /dev/vg1/splunk </pre> 6d93a3364fbf7a591c7ec7ab9fa9409c5ae34e05 572 567 2018-03-14T19:23:40Z Vvc 1 wikitext text/x-wiki * Check physical disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /eall /sall show Controller = 0 Status = Success Description = Show Drive Information Succeeded. Drive Information : ================= ------------------------------------------------------------------------- EID:Slt DID State DG Size Intf Med SED PI SeSz Model Sp ------------------------------------------------------------------------- 20:1 8 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:2 9 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:3 10 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:4 11 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:5 12 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:6 13 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:7 14 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:8 15 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:9 16 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:10 17 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:11 18 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:12 19 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U </pre> * Create RAID10 from available disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 add vd type=r10 size=all drives=20:3-12 pdperarray=2 pdcache=on strip=64 </pre> * Check Logical drive status <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 show Controller = 0 Status = Success Description = None Virtual Drives : ============== ---------------------------------------------------------- DG/VD TYPE State Access Consist Cache sCC Size Name ---------------------------------------------------------- 1/1 RAID10 Optl RW No RaWBD - 4.087 TB ---------------------------------------------------------- </pre> * Initialize RAID <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 start init full </pre> * Change write cache policy to WriteBack <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 set wrcache=wb </pre> * Initiate consistency check <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 start cc # /opt/MegaRAID/storcli/storcli64 /c0 /v1 show cc Controller = 0 Status = Success Description = None VD Operation Status : =================== ----------------------------------- VD Operation Progress% Status ----------------------------------- 1 CC 1 In progress ----------------------------------- </pre> * change CC rate <pre> # /opt/MegaRAID/storcli/storcli64 /c0 set ccrate=10 Controller = 0 Status = Success Description = None Controller Properties : ===================== ---------------- Ctrl_Prop Value ---------------- CC Rate 10% ---------------- </pre> * Change CC schedule <pre> # /opt/MegaRAID/storcli/storcli64 /c0 set cc=seq delay=1344 starttime=2016/08/14 04 Controller = 0 Status = Success Description = None Controller Properties : ===================== --------------------------------- Ctrl_Prop Value --------------------------------- CC Mode SEQ CC delay 1344 CC Starttime 2016/08/14 04:00:00 --------------------------------- </pre> * Create file system <pre> # mkfs.xfs -L splunk -f -d su=64k,sw=5,agsize=$((45725424*4096)) /dev/vg1/splunk </pre> 0a679ce1a11d9c9b687721d413c661e1767659ea 573 572 2018-03-19T08:14:54Z Vvc 1 wikitext text/x-wiki * Check physical disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /eall /sall show Controller = 0 Status = Success Description = Show Drive Information Succeeded. Drive Information : ================= ------------------------------------------------------------------------- EID:Slt DID State DG Size Intf Med SED PI SeSz Model Sp ------------------------------------------------------------------------- 20:1 8 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:2 9 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:3 10 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:4 11 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:5 12 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:6 13 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:7 14 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:8 15 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:9 16 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:10 17 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:11 18 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:12 19 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U </pre> * Create RAID10 from available disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 add vd type=r10 size=all drives=20:3-12 pdperarray=2 pdcache=on strip=64 </pre> * Check Logical drive status <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 show Controller = 0 Status = Success Description = None Virtual Drives : ============== ---------------------------------------------------------- DG/VD TYPE State Access Consist Cache sCC Size Name ---------------------------------------------------------- 1/1 RAID10 Optl RW No RaWBD - 4.087 TB ---------------------------------------------------------- </pre> * Initialize RAID <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 start init full </pre> * Change write cache policy to WriteBack <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 set wrcache=wb </pre> * Initiate consistency check <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 start cc # /opt/MegaRAID/storcli/storcli64 /c0 /v1 show cc Controller = 0 Status = Success Description = None VD Operation Status : =================== ----------------------------------- VD Operation Progress% Status ----------------------------------- 1 CC 1 In progress ----------------------------------- </pre> * change CC rate <pre> # /opt/MegaRAID/storcli/storcli64 /c0 set ccrate=10 Controller = 0 Status = Success Description = None Controller Properties : ===================== ---------------- Ctrl_Prop Value ---------------- CC Rate 10% ---------------- </pre> * Change CC schedule <pre> # /opt/MegaRAID/storcli/storcli64 /c0 set cc=seq delay=1344 starttime=2016/08/14 04 Controller = 0 Status = Success Description = None Controller Properties : ===================== --------------------------------- Ctrl_Prop Value --------------------------------- CC Mode SEQ CC delay 1344 CC Starttime 2016/08/14 04:00:00 --------------------------------- </pre> * Create file system <pre> # mkfs.xfs -L splunk -f -d su=64k,sw=5,agcount=32 /dev/vg1/splunk </pre> 7bd8bac09e86cdc1b447a980691502e143510e64 574 573 2018-03-24T19:36:35Z Vvc 1 wikitext text/x-wiki * Check physical disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /eall /sall show Controller = 0 Status = Success Description = Show Drive Information Succeeded. Drive Information : ================= ------------------------------------------------------------------------- EID:Slt DID State DG Size Intf Med SED PI SeSz Model Sp ------------------------------------------------------------------------- 20:1 8 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:2 9 Onln 0 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:3 10 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:4 11 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:5 12 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:6 13 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:7 14 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:8 15 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:9 16 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:10 17 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:11 18 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U 20:12 19 UGood - 837.258 GB SAS HDD N N 512B ST900MM0006 U </pre> * Create RAID10 from available disks <pre> # /opt/MegaRAID/storcli/storcli64 /c0 add vd type=r10 size=all name=splunk drives=20:3-12 pdperarray=2 pdcache=on strip=64 </pre> * Check Logical drive status <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 show Controller = 0 Status = Success Description = None Virtual Drives : ============== ----------------------------------------------------------- DG/VD TYPE State Access Consist Cache sCC Size Name ----------------------------------------------------------- 1/1 RAID10 Optl RW No RaWBD - 4.087 TB splunk ----------------------------------------------------------- </pre> * Initialize RAID <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 start init full </pre> * Change write cache policy to WriteBack <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 set wrcache=wb </pre> * Initiate consistency check <pre> # /opt/MegaRAID/storcli/storcli64 /c0 /v1 start cc # /opt/MegaRAID/storcli/storcli64 /c0 /v1 show cc Controller = 0 Status = Success Description = None VD Operation Status : =================== ----------------------------------- VD Operation Progress% Status ----------------------------------- 1 CC 1 In progress ----------------------------------- </pre> * change CC rate <pre> # /opt/MegaRAID/storcli/storcli64 /c0 set ccrate=10 Controller = 0 Status = Success Description = None Controller Properties : ===================== ---------------- Ctrl_Prop Value ---------------- CC Rate 10% ---------------- </pre> * Change CC schedule <pre> # /opt/MegaRAID/storcli/storcli64 /c0 set cc=seq delay=1344 starttime=2016/08/14 04 Controller = 0 Status = Success Description = None Controller Properties : ===================== --------------------------------- Ctrl_Prop Value --------------------------------- CC Mode SEQ CC delay 1344 CC Starttime 2016/08/14 04:00:00 --------------------------------- </pre> * Create file system <pre> # mkfs.xfs -L splunk -f -d su=64k,sw=5,agcount=32 /dev/vg1/splunk </pre> 7a55f43339e54cfceb98b03455791fb80ae7f405 0 115 559 536 2015-12-12T03:31:13Z Vvc 1 typo wikitext text/x-wiki <source lang="bash"> mkdir /mnt/sysimage mount /dev/vg1/root /mnt/sysimage mount /dev/vg1/var /mnt/sysimage/var mount /dev/sda1 /mnt/sysimage/boot mount -t proc none /mnt/sysimage/proc mount --rbind /sys /mnt/sysimage/sys mount --rbind /dev /mnt/sysimage/dev chroot /mnt/sysimage </source> ace74fd42d2b0e14c69495aea8b22a6561e39cd2 570 559 2017-02-20T10:04:53Z Vvc 1 wikitext text/x-wiki <source lang="bash"> mkdir /mnt/sysimage mount /dev/vg0/root /mnt/sysimage mount /dev/vg0/var /mnt/sysimage/var mount /dev/sda1 /mnt/sysimage/boot mount -t proc none /mnt/sysimage/proc mount --rbind /sys /mnt/sysimage/sys mount --rbind /dev /mnt/sysimage/dev chroot /mnt/sysimage </source> b91f87817a80f523a8628289bfb6c744bb327534 571 570 2017-02-20T10:05:32Z Vvc 1 wikitext text/x-wiki <source lang="bash"> mkdir /mnt/sysimage mount /dev/vg0/root /mnt/sysimage mount /dev/vg0/var /mnt/sysimage/var mount /dev/sda1 /mnt/sysimage/boot mount -t proc none /mnt/sysimage/proc mount --rbind /sys /mnt/sysimage/sys mount --rbind /dev /mnt/sysimage/dev chroot /mnt/sysimage </source> [[Category:Linux]] 34fd23476a3d07fbea39b9878d2c0a20a503a9f2 0 13 560 456 2016-02-16T13:39:14Z Vvc 1 wikitext text/x-wiki === Create openssl config file === Here is an example of server.cnf <pre> [ req ] default_bits = 2048 default_md = sha2 distinguished_name = req_dn req_extensions = cert_type prompt = no [ req_dn ] # country (2 letter code) C=US # State or Province Name (full name) ST=Missouri # Locality Name (eg. city) L=St. Louis # Organization (eg. company) O=IVK/VVC # Organizational Unit Name (eg. section) OU=VPS1 server # Common Name (*.example.com is also possible) CN=vps1.chepkov.com # E-mail contact emailAddress=root@ivk.com.au [ cert_type ] keyUsage=digitalSignature,keyEncipherment extendedKeyUsage=serverAuth subjectAltName=IP:209.20.74.232,DNS:vps1.chepkov.com,DNS:ivk.com.au </pre> *Note: Using a file like this with ''subjectAltName'' is the only way to generate a request that will result in a certificate that is valid for more than one ''name''. === Generate server private key === openssl genrsa -out server.key 2048 === Generate certificate request === openssl req -new -key server.key -out server.csr -config server.cnf Now you need to send your request to a certificate authority or if you have your own, sign the request (see [[Managing_Certificate_Authority#Signing_Certificate_Request|example]]) You will get server certificate server.crt [[Category:OpenSSL]] 68ee3c782fc86c3139a97a9f289740915528e2f7 561 560 2016-02-26T14:17:54Z Vvc 1 /* Create openssl config file */ wikitext text/x-wiki === Create openssl config file === Here is an example of server.cnf <pre> [ req ] default_bits = 2048 default_md = sha1 distinguished_name = req_dn req_extensions = cert_type prompt = no [ req_dn ] # country (2 letter code) C=US # State or Province Name (full name) ST=Missouri # Locality Name (eg. city) L=St. Louis # Organization (eg. company) O=IVK/VVC # Organizational Unit Name (eg. section) OU=VPS1 server # Common Name (*.example.com is also possible) CN=vps1.chepkov.com # E-mail contact emailAddress=root@ivk.com.au [ cert_type ] keyUsage=digitalSignature,keyEncipherment extendedKeyUsage=serverAuth subjectAltName=IP:209.20.74.232,DNS:vps1.chepkov.com,DNS:ivk.com.au </pre> *Note: Using a file like this with ''subjectAltName'' is the only way to generate a request that will result in a certificate that is valid for more than one ''name''. === Generate server private key === openssl genrsa -out server.key 2048 === Generate certificate request === openssl req -new -key server.key -out server.csr -config server.cnf Now you need to send your request to a certificate authority or if you have your own, sign the request (see [[Managing_Certificate_Authority#Signing_Certificate_Request|example]]) You will get server certificate server.crt [[Category:OpenSSL]] f0b5ee4d59ae5c328647f8b1b8863b140d123aeb 568 561 2016-10-16T15:23:22Z Vvc 1 wikitext text/x-wiki === Create openssl config file === Here is an example of server.cnf <pre> [ req ] default_bits = 2048 default_md = sha1 distinguished_name = req_dn req_extensions = cert_type prompt = no [ req_dn ] # country (2 letter code) C=US # State or Province Name (full name) ST=Missouri # Locality Name (eg. city) L=St. Louis # Organization (eg. company) O=IVK/VVC # Organizational Unit Name (eg. section) OU=VPS1 server # Common Name (*.example.com is also possible) CN=vps1.chepkov.com # E-mail contact emailAddress=root@ivk.com.au [ cert_type ] keyUsage=digitalSignature,keyEncipherment extendedKeyUsage=serverAuth subjectAltName=IP:209.20.74.232,DNS:vps1.chepkov.com,DNS:ivk.com.au </pre> *Note: Using a file like this with ''subjectAltName'' is the only way to generate a request that will result in a certificate that is valid for more than one ''name''. === Generate server private key === openssl genrsa -out server.key 2048 === Generate certificate request === openssl req -new -key server.key -out server.csr -config server.cnf Now you need to send your request to a certificate authority or if you have your own, sign the request (see [[Managing_Certificate_Authority#Signing_Certificate_Request|example]]) You will get server certificate server.crt === Generate self-signed certificate === openssl req -x509 -new -days 3650 -key server.key -out server.crt -config server.cnf -extensions cert_type [[Category:OpenSSL]] e3c481dd1999fe9b3e303d08707dcdf893025ced 569 568 2016-10-16T15:23:51Z Vvc 1 /* Generate self-signed certificate */ wikitext text/x-wiki === Create openssl config file === Here is an example of server.cnf <pre> [ req ] default_bits = 2048 default_md = sha1 distinguished_name = req_dn req_extensions = cert_type prompt = no [ req_dn ] # country (2 letter code) C=US # State or Province Name (full name) ST=Missouri # Locality Name (eg. city) L=St. Louis # Organization (eg. company) O=IVK/VVC # Organizational Unit Name (eg. section) OU=VPS1 server # Common Name (*.example.com is also possible) CN=vps1.chepkov.com # E-mail contact emailAddress=root@ivk.com.au [ cert_type ] keyUsage=digitalSignature,keyEncipherment extendedKeyUsage=serverAuth subjectAltName=IP:209.20.74.232,DNS:vps1.chepkov.com,DNS:ivk.com.au </pre> *Note: Using a file like this with ''subjectAltName'' is the only way to generate a request that will result in a certificate that is valid for more than one ''name''. === Generate server private key === openssl genrsa -out server.key 2048 === Generate certificate request === openssl req -new -key server.key -out server.csr -config server.cnf Now you need to send your request to a certificate authority or if you have your own, sign the request (see [[Managing_Certificate_Authority#Signing_Certificate_Request|example]]) You will get server certificate server.crt === Generate self-signed certificate === openssl req -new -x509 -days 3650 -key server.key -out server.crt -config server.cnf -extensions cert_type [[Category:OpenSSL]] 078532565b68b48ebf98ef70be89d4f30f14a8f4 588 569 2018-10-07T14:03:35Z Vvc 1 wikitext text/x-wiki === Create openssl config file === Here is an example of server.cnf <pre> [ req ] default_bits = 2048 default_md = sha256 distinguished_name = req_dn req_extensions = cert_type prompt = no [ req_dn ] # country (2 letter code) C=US # State or Province Name (full name) ST=Virginia # Locality Name (eg. city) L=Leesburg # Organization (eg. company) O=VVC # Organizational Unit Name (eg. section) OU=IT # Common Name (*.example.com is also possible) CN=chepkov.com # E-mail contact emailAddress=vvc@chepkov.com [ cert_type ] keyUsage=digitalSignature,keyEncipherment extendedKeyUsage=serverAuth subjectAltName=DNS:www.chepkov.com,DNS:chepkov.com,IP:50.116.54.18 </pre> *Note: Using a file like this with ''subjectAltName'' is the only way to generate a request that will result in a certificate that is valid for more than one ''name''. === Generate server private key === openssl genrsa -out server.key 2048 === Generate certificate request === openssl req -new -key server.key -out server.csr -config server.cnf Now you need to send your request to a certificate authority or if you have your own, sign the request (see [[Managing_Certificate_Authority#Signing_Certificate_Request|example]]) You will get server certificate server.crt === Generate self-signed certificate === openssl req -new -x509 -days 3650 -key server.key -out server.crt -config server.cnf -extensions cert_type [[Category:OpenSSL]] df5963ccfd55de897713f078cbc9928ccd5a9790 590 588 2018-10-07T14:05:04Z Vvc 1 wikitext text/x-wiki === Create openssl config file === Here is an example of server.cnf <pre> [ req ] default_bits = 2048 default_md = sha256 distinguished_name = req_dn req_extensions = cert_type prompt = no [ req_dn ] # country (2 letter code) C=US # State or Province Name (full name) ST=Virginia # Locality Name (eg. city) L=Leesburg # Organization (eg. company) O=Vadym Chepkov # Organizational Unit Name (eg. section) OU=IT # Common Name (*.example.com is also possible) CN=chepkov.com # E-mail contact emailAddress=vvc@chepkov.com [ cert_type ] keyUsage=digitalSignature,keyEncipherment extendedKeyUsage=serverAuth subjectAltName=DNS:www.chepkov.com,DNS:chepkov.com,IP:50.116.54.18 </pre> *Note: Using a file like this with ''subjectAltName'' is the only way to generate a request that will result in a certificate that is valid for more than one ''name''. === Generate server private key === openssl genrsa -out server.key 2048 === Generate certificate request === openssl req -new -key server.key -out server.csr -config server.cnf Now you need to send your request to a certificate authority or if you have your own, sign the request (see [[Managing_Certificate_Authority#Signing_Certificate_Request|example]]) You will get server certificate server.crt === Generate self-signed certificate === openssl req -new -x509 -days 3650 -key server.key -out server.crt -config server.cnf -extensions cert_type [[Category:OpenSSL]] 93f375ee51d1824fa41bf06cd8a5fe71ad9aee8f 0 10 562 529 2016-05-12T12:19:51Z Vvc 1 wikitext text/x-wiki [[Managing Certificate Authority]] [[Creating server certificate]] [[Importing private RSA key into java keystore]] [[Print all certificates in a bundle]] 3216baeedd8cb85736a9ce4a018a3f8fb1580ddc 0 126 563 2016-05-12T12:20:33Z Vvc 1 Created page with " <nowiki>openssl crl2pkcs7 -nocrl -certfile bundle.crt | openssl pkcs7 -print_certs -text -noout</nowiki>" wikitext text/x-wiki <nowiki>openssl crl2pkcs7 -nocrl -certfile bundle.crt | openssl pkcs7 -print_certs -text -noout</nowiki> efa881b5cb61d7696050ee982ddbc303476b94ee 564 563 2016-05-12T12:21:20Z Vvc 1 wikitext text/x-wiki <pre> openssl crl2pkcs7 -nocrl -certfile bundle.crt | openssl pkcs7 -print_certs -text -noout </pre> ccef9a243fd40540469a365fd740bff9d64399a3 0 127 566 2016-05-18T19:38:20Z Vvc 1 Created page with "* Create file with friendly names and LUN id, for example <pre> ORACLE_UAT_BWDLIVE_ARCH_1 10 ORACLE_UAT_BWDLIVE_DATA_1 11 ORACLE_UAT_BWDLIVE_DATA_2 12 </pre> * Run mpath-..." wikitext text/x-wiki * Create file with friendly names and LUN id, for example <pre> ORACLE_UAT_BWDLIVE_ARCH_1 10 ORACLE_UAT_BWDLIVE_DATA_1 11 ORACLE_UAT_BWDLIVE_DATA_2 12 </pre> * Run mpath-bindings script: <source lang="perl"> #!/usr/bin/perl use strict; my $wwid=''; my ($lun, $device); my $mapfile = $ARGV[0]; my %maps = (); open(MF,"<$mapfile") or die "Couldn't open $mapfile with VOL_NAME LUN_ID"; while (my $line = <MF>) { if ($line =~ m/^(\w+)\W+(\d+)/ ) { my $vol = $1; my $id = $2; $maps{$id} = $vol; } } close(MF); open(MP,'multipath -l|') or die "$@"; while(my $line=<MP>) { if ($line =~ m/^(\w+)\s+\((\w+)\)/ ) { if ($wwid ne '') { print $maps{$lun},"\t",$wwid,"\n"; } $device = $1; $wwid = $2; } elsif ($line =~ m/\d+:\d+:\d+:(\d+)/ ) { $lun = $1; } } if ($wwid ne '') { print $maps{$lun},"\t",$wwid,"\n"; } close(MP) or die "$@"; </source> * stop mutipathd service mutipathd stop * flush multipath maps multipath -F * replace content of /etc/multipath/bindings with output of the perl script <pre> # Multipath bindings, Version : 1.0 # # Format: # alias wwid # ORACLE_UAT_BWDLIVE_ARCH_1 3624a937071eb00640bd43d2a00012813 ORACLE_UAT_BWDLIVE_DATA_1 3624a937071eb00640bd43d2a00012811 ORACLE_UAT_BWDLIVE_DATA_2 3624a937071eb00640bd43d2a00012812 </pre> * adjust /etc/mutipath.conf <pre> defaults { find_multipaths no user_friendly_names yes } </pre> * start mutipathd service multipathd start * enjoy <pre> # multipath -ll </pre> a03fa08ae587d1353e12436ab6c7d06f5d7bdb04 0 128 576 2018-09-15T17:10:51Z Vvc 1 Created page with "rescan-scsi-bus.sh -a" wikitext text/x-wiki rescan-scsi-bus.sh -a 79a9e6d14489e0c0aaef2db48a308b95a2ac09a5 577 576 2018-09-15T17:12:01Z Vvc 1 wikitext text/x-wiki <nowiki> # rpm -qf /usr/bin/rescan-scsi-bus.sh sg3_utils-1.28-13.el6.x86_64 rescan-scsi-bus.sh -a </nowiki> 6d302b0751bff3cb9998e6255efd1f4836d89ead 578 577 2018-09-15T17:12:14Z Vvc 1 wikitext text/x-wiki <nowiki> # rpm -qf /usr/bin/rescan-scsi-bus.sh sg3_utils-1.28-13.el6.x86_64 rescan-scsi-bus.sh -a </nowiki> e2eb862d5d2bf91c71b844eb3794e54a73414f0b 579 578 2018-09-15T17:28:41Z Vvc 1 wikitext text/x-wiki install rpm sg3_utils <source lang='bash'> rescan-scsi-bus.sh -a </source> 5ec1998ed25555999f4fa68a17a57758d051df44 585 579 2018-09-15T17:39:56Z Vvc 1 wikitext text/x-wiki install rpm sg3_utils <pre> rescan-scsi-bus.sh -a </pre> f0ba6526ab3392853caedcdb736b1fb1d4755dba 0 121 580 545 2018-09-15T17:33:35Z Vvc 1 wikitext text/x-wiki <code> for i in /sys/class/scsi_disk/* ; do echo '1' > $i/device/rescan done </code> c97daf51e47c6ba777a8a9047c3a0a295709f07c 581 580 2018-09-15T17:34:05Z Vvc 1 wikitext text/x-wiki <source> for i in /sys/class/scsi_disk/* ; do echo '1' > $i/device/rescan done </source> 69a663b2868a4a2c9472fa0cb8c58f7e32eec5fb 582 581 2018-09-15T17:34:48Z Vvc 1 wikitext text/x-wiki <source lans='Shell'> for i in /sys/class/scsi_disk/* ; do echo '1' > $i/device/rescan done </source> b6859e87d5910bacbea768aa639bbf482fd7718b 583 582 2018-09-15T17:34:59Z Vvc 1 wikitext text/x-wiki <source lang='Shell'> for i in /sys/class/scsi_disk/* ; do echo '1' > $i/device/rescan done </source> b62419ea136047ff7b4bcce6546a94c8411ab4a4 584 583 2018-09-15T17:36:14Z Vvc 1 wikitext text/x-wiki <code> for i in /sys/class/scsi_disk/* ; do echo '1' > $i/device/rescan done </code> c97daf51e47c6ba777a8a9047c3a0a295709f07c 586 584 2018-09-15T17:40:23Z Vvc 1 wikitext text/x-wiki <pre> for i in /sys/class/scsi_disk/* ; do echo '1' > $i/device/rescan done </pre> e0353e7a773ab27b069e69f5b3cfb6c354695770 0 1 587 537 2018-09-16T18:12:52Z Vvc 1 wikitext text/x-wiki __NOTOC__ = VVC Wiki = This is my own personal wiki. I mostly keep it for my own use, to remind me how I did some tasks, but if you find something useful, enjoy it on your own risk. Vadym Chepkov NB: ''"Never try to teach a pig to sing; it wastes your time and annoys the pig."'' == HOWTOs == [[MacOS]] [[Oracle]] [[Linux]] [[Solaris]] [[AIX]] [[OpenSSL]] [[ Subversion]] [[Useful]] [[WAS| WebSphere Application Server]] [[FreeBSD]] [[VMware]] == Miscellaneous == My RPMs [http://www.chepkov.com/rpms/ repository] ---- <div style="text-align:right"> [[Image:Centos.png|link=http://www.centos.org|caption=CentOS]] </div> d0a9a281058e01f8c374ab2898cf45d6b126eae6 597 587 2020-10-31T15:32:44Z Vvc 1 wikitext text/x-wiki __NOTOC__ = VVC Wiki = This is my own personal wiki. I mostly keep it for my own use, to remind me how I did some tasks, but if you find something useful, enjoy it on your own risk. Vadym Chepkov NB: ''"Never try to teach a pig to sing; it wastes your time and annoys the pig."'' == HOWTOs == [[macOS]] [[Oracle]] [[Linux]] [[OpenSSL]] [[Useful]] [[FreeBSD]] [[VMware]] == Miscellaneous == My RPMs [http://www.chepkov.com/rpms/ repository] ---- <div style="text-align:right"> [[Image:Centos.png|link=http://www.centos.org|caption=CentOS]] </div> ac5e029cffdc1c7ddadcf2bf469b1497513b6b83 599 597 2020-12-11T11:58:07Z Vvc 1 wikitext text/x-wiki __NOTOC__ = VVC Wiki = This is my own personal wiki. I mostly keep it for my own use, to remind me how I did some tasks, but if you find something useful, enjoy it on your own risk. Vadym Chepkov NB: ''"Never try to teach a pig to sing; it wastes your time and annoys the pig."'' == HOWTOs == [[macOS]] [[Oracle]] [[Linux]] [[OpenSSL]] [[Useful]] [[FreeBSD]] [[VMware]] == Miscellaneous == My RPMs [http://www.chepkov.com/rpms/ repository] ---- <div style="text-align:right"> [[Image:RockyLinux.png|link=https://rockylinux.org|caption=Rocky Linux]] </div> d699fd8f81bbda0a7dc488ececc9c7fdcb17b2f7 0 12 589 206 2018-10-07T14:04:40Z Vvc 1 wikitext text/x-wiki This article should help you to run your own '''certificate authority (CA)'''. == Creating CA == We will keep all files related to our CA in directory '''/root/CA''' === openssl.conf === First, we will create OpenSSL configuration file. It can be stored anywere and referenced by environment variable <pre> export OPENSSL_CONF=/root/CA/openssl.conf </pre> Here is my file <pre> [ ca ] default_ca = CA_default [ CA_default ] dir = /root/CA new_certs_dir = $dir/certs database = $dir/index.txt unique_subject = no certificate = $dir/cacert.pem private_key = $dir/private/cakey.pem serial = $dir/serial crl = $dir/crl.pem RANDFILE = $dir/private/.rand x509_extensions = usr_cert name_opt = ca_default cert_opt = ca_default copy_extensions = copy default_days = 365 default_crl_days= 35 default_md = sha256 preserve = no policy = policy_any [ policy_any ] countryName = supplied stateOrProvinceName = supplied localityName = supplied organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = supplied [ req ] default_bits = 1024 default_md = sha1 distinguished_name = req_distinguished_name prompt = no x509_extensions = v3_ca [ req_distinguished_name ] countryName = US stateOrProvinceName = Virginia localityName = Leesburg organizationName = Vadym Chepkov organizationalUnitName = Vadym Chepkov CA commonName = Vadym Chepkov CA emailAddress = vvc@chepkov.com [ v3_ca ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always keyUsage = critical,keyCertSign,cRLSign basicConstraints = critical,CA:TRUE,pathlen:1 subjectAltName=email:copy issuerAltName=issuer:copy authorityInfoAccess = caIssuers;URI:http://www.chepkov.com/ca.html crlDistributionPoints=URI:http://www.chepkov.com/vvc-ca.crl [ intermediate_ca ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always keyUsage = critical,keyCertSign,cRLSign basicConstraints = critical,CA:TRUE,pathlen:0 subjectAltName=email:copy issuerAltName=issuer:copy authorityInfoAccess = caIssuers;URI:http://www.chepkov.com/ca.html crlDistributionPoints=URI:http://www.chepkov.com/vvc-ca.crl [ usr_cert ] basicConstraints = critical,CA:FALSE keyUsage = critical,digitalSignature,keyAgreement subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer issuerAltName=issuer:copy authorityInfoAccess = caIssuers;URI:http://www.chepkov.com/ca.html crlDistributionPoints=URI:http://www.chepkov.com/vvc-ca.crl [ server ] basicConstraints = critical,CA:FALSE subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always extendedKeyUsage=serverAuth keyUsage = critical,digitalSignature, keyEncipherment authorityInfoAccess = caIssuers;URI:http://www.chepkov.com/ca.html crlDistributionPoints=URI:http://www.chepkov.com/vvc-ca.crl </pre> === Creating initial database === <pre> cd /root/CA mkdir certs private chmod 700 private echo 01 > serial touch index.txt index.txt.attr </pre> === Creating CA private key === openssl genrsa -out private/cakey.pem 2048 === Creating CA certificate request === openssl req -new -key private/cakey.pem -out ca.csr === Self-signing CA certificate === openssl ca -selfsign -in ca.csr -keyfile private/cakey.pem -out cacert.pem -extensions v3_ca -verbose -enddate 361231235959Z === Signing Certificate Request === openssl ca -days 730 -in server.csr -out server.crt -extensions server Make sure expiration day of the certificate does not exceed expiration day of your certificate authority. You don't have to specify '''days''' argument if you want to use default from openssl.conf === Revoking a certificate === openssl ca -revoke cert.pem === Generating Certificate Revocation List (CRL) === openssl ca -gencrl -out crl.pem openssl crl -in crl.pem -out crl.crl -outform DER [[Category:OpenSSL]] 78d215dbadec17b965ee7852f72655b63e74b725 6 129 591 2018-10-11T01:08:50Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 1 56 592 518 2018-10-11T01:15:34Z Vvc 1 wikitext text/x-wiki == Eat your hearts out, Comcast and AT&T == Something to write home about [[Image:Speedtest2018.png|400px]] ---- :Courtesy of [http://www.speedtest.net/ Speedtest by Ookla] 2ef328e679e067f7cf322fd9f0a52ac44754005f 8 130 596 2019-03-27T00:05:44Z Vvc 1 Created page with "/* Any JavaScript here will be loaded for all users on every page load. */ function countdown(endDate) { let days, hours, minutes, seconds; endDate = new Date(endDate)..." javascript text/javascript /* Any JavaScript here will be loaded for all users on every page load. */ function countdown(endDate) { let days, hours, minutes, seconds; endDate = new Date(endDate).getTime(); if (isNaN(endDate)) { return; } setInterval(calculate, 1000); function calculate() { let startDate = new Date(); startDate = startDate.getTime(); let timeRemaining = parseInt((endDate - startDate) / 1000); if (timeRemaining >= 0) { days = parseInt(timeRemaining / 86400); timeRemaining = (timeRemaining % 86400); hours = parseInt(timeRemaining / 3600); timeRemaining = (timeRemaining % 3600); minutes = parseInt(timeRemaining / 60); timeRemaining = (timeRemaining % 60); seconds = parseInt(timeRemaining); document.getElementById("days").innerHTML = parseInt(days, 10); document.getElementById("hours").innerHTML = ("0" + hours).slice(-2); document.getElementById("minutes").innerHTML = ("0" + minutes).slice(-2); document.getElementById("seconds").innerHTML = ("0" + seconds).slice(-2); } else { return; } } } 240c3dc413ed53eb15f57df945d5762747a40d4d 6 131 598 2020-12-11T11:56:59Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 132 600 2020-12-23T14:22:52Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 1 601 599 2020-12-23T14:27:07Z Vvc 1 wikitext text/x-wiki __NOTOC__ = VVC Wiki = This is my own personal wiki. I mostly keep it for my own use, to remind me how I did some tasks, but if you find something useful, enjoy it on your own risk. Vadym Chepkov NB: ''"Never try to teach a pig to sing; it wastes your time and annoys the pig."'' == HOWTOs == [[macOS]] [[Oracle]] [[Linux]] [[OpenSSL]] [[Useful]] [[FreeBSD]] [[VMware]] == Miscellaneous == My RPMs [http://www.chepkov.com/rpms/ repository] ---- <div style="text-align:right"> [[Image:Rocky-logo-text.svg|320x70px|link=https://rockylinux.org|caption=Rocky Linux]] </div> 4f160ec3547b5bba5b53e8c7bbb9c80a35af3ab6 603 601 2021-03-16T22:55:24Z Vvc 1 wikitext text/x-wiki __NOTOC__ = VVC Wiki = This is my own personal wiki. I mostly keep it for my own use, to remind me how I did some tasks, but if you find something useful, enjoy it on your own risk. Vadym Chepkov NB: ''"Never try to teach a pig to sing; it wastes your time and annoys the pig."'' == HOWTOs == [[macOS]] [[Oracle]] [[Linux]] [[OpenSSL]] [[Useful]] [[FreeBSD]] [[VMware]] == Miscellaneous == My RPMs [http://www.chepkov.com/rpms/ repository] ---- <div style="text-align:right"> [[Image:RedHat_Linux.svg|320x70px|link=https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux|caption=Red Hat Enterprise Linux]] </div> f7ddda8d718c7ba694ecb2fc5aac51d3fe666c18 604 603 2021-03-16T22:57:09Z Vvc 1 wikitext text/x-wiki __NOTOC__ = VVC Wiki = This is my own personal wiki. I mostly keep it for my own use, to remind me how I did some tasks, but if you find something useful, enjoy it on your own risk. Vadym Chepkov NB: ''"Never try to teach a pig to sing; it wastes your time and annoys the pig."'' == HOWTOs == [[macOS]] [[Oracle]] [[Linux]] [[OpenSSL]] [[Useful]] [[FreeBSD]] [[VMware]] == Miscellaneous == My RPMs [http://www.chepkov.com/rpms/ repository] ---- <div style="text-align:right"> Powered by [[Image:RedHat_Linux.svg|320x70px|link=https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux|caption=Red Hat Enterprise Linux]] </div> f52fafa0f83dd92e36740fbc6453417ac3e66947 6 133 602 2021-03-16T22:52:46Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 70 605 524 2021-06-26T13:53:52Z Vvc 1 obsolete tag wikitext text/x-wiki [[Time Machine]] * To show hidden files defaults write com.apple.finder AppleShowAllFiles TRUE killall Finder * To allow Remote disc feature on non-Air Macs defaults write com.apple.NetworkBrowser EnableODiskBrowsing -bool true defaults write com.apple.NetworkBrowser ODSSupported -bool true sudo reboot * To change Computer name scutil --set HostName servername.example.com scutil --set ComputerName servername scutil --set LocalHostName servername * To check what is preventing MacBook to go to sleep pmset -g assertions In my case it was a stuck job in a printer queue: Listed by owning process: pid 19: [0x0000012c00000013] PreventSystemSleep named: "org.cups.cupsd" * To make Ctrl_L & ALT_L combination work in X11 <pre> cat > ~/.Xmodmap << EOF clear Mod1 keycode 66 = Alt_L keycode 69 = Alt_R add Mod1 = Alt_L add Mod1 = Alt_R EOF </pre> 1000e0f2b442da1536ae88e84c88aeb63f4df1a9 606 605 2021-06-26T13:54:56Z Vvc 1 wikitext text/x-wiki [[Time Machine]] [[Category:macOSX]] * To show hidden files defaults write com.apple.finder AppleShowAllFiles TRUE killall Finder * To allow Remote disc feature on non-Air Macs defaults write com.apple.NetworkBrowser EnableODiskBrowsing -bool true defaults write com.apple.NetworkBrowser ODSSupported -bool true sudo reboot * To change Computer name scutil --set HostName servername.example.com scutil --set ComputerName servername scutil --set LocalHostName servername * To check what is preventing MacBook to go to sleep pmset -g assertions In my case it was a stuck job in a printer queue: Listed by owning process: pid 19: [0x0000012c00000013] PreventSystemSleep named: "org.cups.cupsd" * To make Ctrl_L & ALT_L combination work in X11 <pre> cat > ~/.Xmodmap << EOF clear Mod1 keycode 66 = Alt_L keycode 69 = Alt_R add Mod1 = Alt_L add Mod1 = Alt_R EOF </pre> 5891af515646616d3dc04529d54d4039cfb93af4 607 606 2021-06-26T13:55:54Z Vvc 1 wikitext text/x-wiki [[Time Machine]] [[Category:macOS]] * To show hidden files defaults write com.apple.finder AppleShowAllFiles TRUE killall Finder * To allow Remote disc feature on non-Air Macs defaults write com.apple.NetworkBrowser EnableODiskBrowsing -bool true defaults write com.apple.NetworkBrowser ODSSupported -bool true sudo reboot * To change Computer name scutil --set HostName servername.example.com scutil --set ComputerName servername scutil --set LocalHostName servername * To check what is preventing MacBook to go to sleep pmset -g assertions In my case it was a stuck job in a printer queue: Listed by owning process: pid 19: [0x0000012c00000013] PreventSystemSleep named: "org.cups.cupsd" * To make Ctrl_L & ALT_L combination work in X11 <pre> cat > ~/.Xmodmap << EOF clear Mod1 keycode 66 = Alt_L keycode 69 = Alt_R add Mod1 = Alt_L add Mod1 = Alt_R EOF </pre> 8849018aa67b62dfe5bcfe2f8271353d854fae44 608 607 2021-06-26T13:58:25Z Vvc 1 wikitext text/x-wiki {{lowercase}} [[Time Machine]] [[Category:macOS]] * To show hidden files defaults write com.apple.finder AppleShowAllFiles TRUE killall Finder * To allow Remote disc feature on non-Air Macs defaults write com.apple.NetworkBrowser EnableODiskBrowsing -bool true defaults write com.apple.NetworkBrowser ODSSupported -bool true sudo reboot * To change Computer name scutil --set HostName servername.example.com scutil --set ComputerName servername scutil --set LocalHostName servername * To check what is preventing MacBook to go to sleep pmset -g assertions In my case it was a stuck job in a printer queue: Listed by owning process: pid 19: [0x0000012c00000013] PreventSystemSleep named: "org.cups.cupsd" * To make Ctrl_L & ALT_L combination work in X11 <pre> cat > ~/.Xmodmap << EOF clear Mod1 keycode 66 = Alt_L keycode 69 = Alt_R add Mod1 = Alt_L add Mod1 = Alt_R EOF </pre> a8098a5b7fc744cca9b61462f77db496cd491db3 609 608 2021-06-26T14:01:40Z Vvc 1 wikitext text/x-wiki [[Time Machine]] [[Category:macOS]] * To show hidden files defaults write com.apple.finder AppleShowAllFiles TRUE killall Finder * To allow Remote disc feature on non-Air Macs defaults write com.apple.NetworkBrowser EnableODiskBrowsing -bool true defaults write com.apple.NetworkBrowser ODSSupported -bool true sudo reboot * To change Computer name scutil --set HostName servername.example.com scutil --set ComputerName servername scutil --set LocalHostName servername * To check what is preventing MacBook to go to sleep pmset -g assertions In my case it was a stuck job in a printer queue: Listed by owning process: pid 19: [0x0000012c00000013] PreventSystemSleep named: "org.cups.cupsd" * To make Ctrl_L & ALT_L combination work in X11 <pre> cat > ~/.Xmodmap << EOF clear Mod1 keycode 66 = Alt_L keycode 69 = Alt_R add Mod1 = Alt_L add Mod1 = Alt_R EOF </pre> {{lowercase}} b6df62fa5e78857801ac9daac3fbdea52d660ab8 610 609 2021-06-26T14:02:01Z Vvc 1 wikitext text/x-wiki [[Time Machine]] [[Category:macOS]] * To show hidden files defaults write com.apple.finder AppleShowAllFiles TRUE killall Finder * To allow Remote disc feature on non-Air Macs defaults write com.apple.NetworkBrowser EnableODiskBrowsing -bool true defaults write com.apple.NetworkBrowser ODSSupported -bool true sudo reboot * To change Computer name scutil --set HostName servername.example.com scutil --set ComputerName servername scutil --set LocalHostName servername * To check what is preventing MacBook to go to sleep pmset -g assertions In my case it was a stuck job in a printer queue: Listed by owning process: pid 19: [0x0000012c00000013] PreventSystemSleep named: "org.cups.cupsd" * To make Ctrl_L & ALT_L combination work in X11 <pre> cat > ~/.Xmodmap << EOF clear Mod1 keycode 66 = Alt_L keycode 69 = Alt_R add Mod1 = Alt_L add Mod1 = Alt_R EOF </pre> 8849018aa67b62dfe5bcfe2f8271353d854fae44 612 610 2021-06-26T14:11:39Z Vvc 1 wikitext text/x-wiki {{lowercase title}} [[Time Machine]] [[Category:macOS]] * To show hidden files defaults write com.apple.finder AppleShowAllFiles TRUE killall Finder * To allow Remote disc feature on non-Air Macs defaults write com.apple.NetworkBrowser EnableODiskBrowsing -bool true defaults write com.apple.NetworkBrowser ODSSupported -bool true sudo reboot * To change Computer name scutil --set HostName servername.example.com scutil --set ComputerName servername scutil --set LocalHostName servername * To check what is preventing MacBook to go to sleep pmset -g assertions In my case it was a stuck job in a printer queue: Listed by owning process: pid 19: [0x0000012c00000013] PreventSystemSleep named: "org.cups.cupsd" * To make Ctrl_L & ALT_L combination work in X11 <pre> cat > ~/.Xmodmap << EOF clear Mod1 keycode 66 = Alt_L keycode 69 = Alt_R add Mod1 = Alt_L add Mod1 = Alt_R EOF </pre> 3cfcbd99d28acad634b877c5807de0d8fb98e706 613 612 2021-06-26T14:12:22Z Vvc 1 wikitext text/x-wiki [[Time Machine]] [[Category:macOS]] * To show hidden files defaults write com.apple.finder AppleShowAllFiles TRUE killall Finder * To allow Remote disc feature on non-Air Macs defaults write com.apple.NetworkBrowser EnableODiskBrowsing -bool true defaults write com.apple.NetworkBrowser ODSSupported -bool true sudo reboot * To change Computer name scutil --set HostName servername.example.com scutil --set ComputerName servername scutil --set LocalHostName servername * To check what is preventing MacBook to go to sleep pmset -g assertions In my case it was a stuck job in a printer queue: Listed by owning process: pid 19: [0x0000012c00000013] PreventSystemSleep named: "org.cups.cupsd" * To make Ctrl_L & ALT_L combination work in X11 <pre> cat > ~/.Xmodmap << EOF clear Mod1 keycode 66 = Alt_L keycode 69 = Alt_R add Mod1 = Alt_L add Mod1 = Alt_R EOF </pre> 8849018aa67b62dfe5bcfe2f8271353d854fae44 614 613 2022-03-21T01:10:07Z Vvc 1 wikitext text/x-wiki [[Time Machine]] [[Category:macOS]] * To show hidden files defaults write com.apple.finder AppleShowAllFiles TRUE killall Finder * To allow Remote disc feature on non-Air Macs defaults write com.apple.NetworkBrowser EnableODiskBrowsing -bool true defaults write com.apple.NetworkBrowser ODSSupported -bool true sudo reboot * To prevent creation of .DS_Store files on network drives defaults write com.apple.desktopservices DSDontWriteNetworkStores true * To change Computer name scutil --set HostName servername.example.com scutil --set ComputerName servername scutil --set LocalHostName servername * To check what is preventing MacBook to go to sleep pmset -g assertions In my case it was a stuck job in a printer queue: Listed by owning process: pid 19: [0x0000012c00000013] PreventSystemSleep named: "org.cups.cupsd" * To make Ctrl_L & ALT_L combination work in X11 <pre> cat > ~/.Xmodmap << EOF clear Mod1 keycode 66 = Alt_L keycode 69 = Alt_R add Mod1 = Alt_L add Mod1 = Alt_R EOF </pre> 9589bfabf4156183cfe20e0c811d07aba5cfe9fc 14 134 611 2021-06-26T14:02:36Z Vvc 1 macOS wikitext text/x-wiki macOS cd6fdcbf5a860d174ac10af745972501941dc684 6 135 615 2022-12-29T14:55:18Z Vvc 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 1 56 616 592 2022-12-29T14:56:22Z Vvc 1 wikitext text/x-wiki == Eat your hearts out == Something to write home about [[Image:Fios2022.png|400px]] ---- :Courtesy of [http://www.speedtest.net/ Speedtest by Ookla] 61f42941cea15e5c0cf27ce623a6f98c9618cc1f